Monday, January 18, 2016
Wireless and Wired Network Interceptor - the Interceptor
The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. I haven’t done extensive research but all the ones I found when looking passed the copy of the traffic onto a specified wired interface which was then plugged into a machine to allow a user to monitor the traffic. The problem with this is that you have to be able to route the data from that wired port to your monitoring machine either through a direct cable or through an existing network. The direct cable method means your monitor has to be near by the location you want to tap, the network routing means you have to somehow encapsulate the data to get it across the network without it being affected on route.
The Interceptor does away with the wired monitor port and instead spits out the traffic over wireless meaning the listener can be anywhere they can make a wireless connection to the device. As the data is encrypted (actually, double encrypted, see how it works) the person placing the tap doesn’t have to worry about unauthorized users seeing the traffic.
What Hardware Is Required
This project has been built and tested on a Fon+ but should in theory work on any device which will run OpenWrt and has at least a pair of wired interfaces and a wireless one.
Wireless and Wired Network Interceptor: the Interceptor
This isn’t intended to be a permanent, in-situ device. It is designed for short term trouble shooting or information gathering on low usage networks, as such, it will work well between a printer and a switch but not between a switch and a router. Here are some possible situations for use:
ºPenetration testing – If you can gain physical access to a targets office drop the device between the office printer and switch then sit in the carpark and collect a copy of all documents printed. Or, get an appointment to see a boss and when he leaves the room to get you a drink, drop it on his computer. The relative low cost of the Fon+ means the device can almost be considered disposable and if branded with the right stickers most users wouldn’t think about an extra small box on the network.
ºTroubleshooting – For sys-admins who want to monitor an area of network from the comfort of their desks, just put it in place and fire up your wireless.
ºIDS – If you want to see what traffic is being generated from a PC without interfering with the PC simply add the Interceptor and sit back and watch. As the traffic is cloned to a virtual interface on your monitoring machine you can use any existing tools to scan the data.
Install Notes
There are two sets of install notes, a basic set and a detailed walk-through set. The basic set is the standard set of notes that comes with most packages, the detailed set is a full walk through from flashing the Fon+, installing dependencies, installing Interceptor, starting up and monitoring traffic and finally shutting it down. Most people should find the basic set sufficient but the detailed set are useful if you have any problems.
Limitations
Wireless and Wired Network InterceptorThe main limitation is bandwidth, the wired network can get up to 100Mb/s but the top speed of the wireless is 54Mb/s, add on to that the overhead of encryption and that rate drops down further. This is why the Interceptor won’t work well on high traffic parts of the network.
From tests I’ve done, under high load the network seems to stay up and stable but not all traffic ends up on the monitor interface. I haven’t done any research to find out where the traffic is being dropped, it could be DaemonLogger, the AP or at the VPN. This is good as it means the device doesn’t affect the smooth running of the network but obviously means you may miss some important data. Be aware of this when working with the device.
The software has no fail safe in case of problems. If the hardware or software fails the network connection being tapped will probably be lost. Don’t use the Interceptor in situations where uptime is critical without knowing what you are doing.
Search
Translate
Popular Posts
-
In this post, we will explore a Python script designed to parse logs containing url:user:pass data. These logs are instrumental in executin...
-
LeakSearch is a simple tool to search and parse plain text passwords using ProxyNova COMB (Combination Of Many Breaches) over the Interne...
-
As mobile applications become more integral to our daily lives, ensuring their security is paramount. Vulnerabilities in mobile apps can exp...
Categories
#Snowden
Active Directory Attacks
Analysis
Android
Android Hack
Android Pentest
Anonimato
Anonymity
Anti-Forensic
Anti-Forensic Tools
Anti-Government
Anti-System
Apache
API Hacking
APK
ARM
Assembly
Attack Map
Auditing Tool
Automation Tools
AvKill
AWS Pentest
Backdoor
Bind
BlueTeam
Bluetooth
Bot
botnet/DDoS
Bounty
Brute Force
Bypass
Certificate
Cheat Sheet
Cloud Forensics
Cloud Pentest
Courses
Cryptography
CTF Engine
CVEs
Cyber Forensics
Cyber War
Data Base
DeepWeb
DevSecOps
Disassembler
DLL Hijacking
Dns Enumeration
Dns Recon
Dns Spoof
Documentary
DoS
Downloads
DUMP
Elearn Security
Email Hacking
Encrypted DNS
Engenharia Reversa
Enumeration
Evasion
EXIF
Exploit
Exploitation Tools
Exposed Leaked
Fake
Filmes e Documentários
Fingerprint
Firewall
Footprint
Frameworks
Fuck The System
Fuzzer
GeoIP
Google Hacking
Hackers
Hackers News
Hackers Tools
Hacking
Hacking Ebook's
Hacking Vídeos
Hacktivism
Hardening
Hardware
Hardware Hack
Hidden
HIDS
Honeypots
How to exit the Matrix
IDS
IDS/IPS
Incident Response
Information Gathering
iOS
IoT
JAVA
Kali
Kali Linux
Keylogger
Labs
Leaked
Leaks
Leave The Matrix
Linux
Linux System
Mac
Malware
Malware Analysis
MetaSploit
Mind Map
MIPS
MITM
Monitoring
Movies
Network
Networking
New World Order
Nmap
Offensive Politics
Offensive Sec
OffSec
OffSec Exclusive Tools
Open Your Mind
OpenSSL
Os Sec
OSINT Tools
OWASP ZAP Scanner
Password Capture
Password Cracking
Passwords
Payload
PCC
PDF
Pentest
Pentest Tools
Phishing Attacks
Phones
PHP
Port Scan
Post-Exploitation Tool
PowerShell
Pr1v8
Privacidade
Privacy
Privilege Escalation
Projects
Proxy
Python
Ransomware
RAT
Recover File and Disk Analyzer
Red Team
Redes
Remote
Reverse
Reverse Engineering
Reverse Shell
RFID
Rootkit
Scan Tools
Security
Security Ebook's
Seriados
Series
Shell
Shell PHP
Shellcode
Shodan
Sniffer
Social Engineering
Source Code
Spoofing
SQLinjection
SSL
Stealer
Steganography
Stress Testing
Study
Subdomain Discovery
SysInternals
Telnet
The Theory of Conspiracy
Threat Intelligence
Tools
Tor
Trojan
Tutorials
Unix System
URL Inspector
Usb Boot
Virtual Machine
Virus
VoIP
VPN
Vulnerabilities
Vulnerability Analysis
WAF
Web Applications
Web Pentesting
Whois
Wifi-Hacks
Windows
Wireless Hacking
Word List
WordPress
X86
XSS
0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.