Fork heavily differs by automating from the official RPi Documentation

📡 RaspberryPi-Packet-Sniffer

A simple HTTP and HTTPS sniffing tool created using Raspberry Pi (only for educational purposes)

Notes:

• Attempts to automate the process listed here in official Raspberry Pi docs: https://www.raspberrypi.com/documentation/computers/configuration.html#setting-up-a-routed-wireless-access-point
• Tested on Release 5.15.32-v7+ #1538 SMP Thu Mar 31 19:38:48 BST 2022 armv7l on an Raspberry Pi 3B Model

Setting up your Raspberry Pi

Prerequisites:

• Ensure you have administrative access to your Raspberry Pi. The network setup will be modified as part of the installation: local access, with screen and keyboard connected to your Raspberry Pi, is recommended.

• Connect your Raspberry Pi to the Ethernet network and boot the Raspberry Pi OS.

• Ensure the Raspberry Pi OS on your Raspberry Pi is up-to-date and reboot if packages were installed in the process.

• Take note of the IP configuration of the Ethernet network the Raspberry Pi is connected to:

  In this document, we assume IP network 10.10.0.0/24 is configured on the Ethernet LAN, and the Raspberry Pi is going to manage IP network 192.168.4.0/24 for wireless clients.

  Please select another IP network for wireless, e.g. 192.168.10.0/24, if IP network 192.168.4.0/24 is already in use by your Ethernet LAN.

• Have a wireless client (laptop, smartphone, …) ready to test your new access point.

Getting the Operating System to install on the Pi

1. You need to install the latest version of NOOBS or Raspbian on your Pi, and for that you need a bootable SD card with the OS installed on it.
2. Format your SD card with Raspberry Pi Imager. You can also setup SSH and a user With the offical imager in the settings before you write to the sd card. This way you won't have to use the GUI and can just SSH into your Pi.
3. Follow the instructions on the software and using a USB Micro SD card reader or an adapter.
4. Now you have your OS on the SD card and you are ready to use it to boot your Pi.

Logging into your Raspberry Pi

1. SSH in with the user you setup. ssh <user>@<RPi IP>.

2. Once you are logged into you Pi, run:

   sudo apt-get update

   and

   sudo apt-get upgrade

   to update your Pi to the newest available updates

Create a Wifi-access Point

1. If you have an ethernet cable plugged in into your Pi, you can start the web browser and see if the internet is working or not.

2. Now type ifconfig in the terminal and note the IP address of your Pi in the eth0 interface(this would be the IP address of the Pi).

3. You now want to create a wifi-hotspot using the wifi-card on the Pi. This can be achieved using a service called hostapd but you don't just want the hotspot, you also want the internet access through the wireless access point. You also install the dnsmasq service for this purpose which is an easy to configure DNS and DHCP server.

4. ❗ Edit hostapd file to preferred ssid and wpa_passphrase ❗

5. Use the following command and hit y when prompted to do so

   sudo ./setup.sh

Now you would be able to connect to the internet through the Pi's network!

Machine in the Middle Pi

1. Now run the mitm.sh file using:

   sudo ./mitm.sh

2. Now connect your phone to the Pi's hotspot and open your browser and browse some sites and you will see the data being generated in the console will all the http requests and responses.

3. You can use the mitmproxy documentation for more information on how to use, look and store the data collected by mitmproxy.

4. So we are set up as a man in the middle for the users connected to our Pi's network. But note here that we are only able to get information about the HTTP requests and not the HTTPS requests which are encrypted and need further hacking to break into which we do below.

Configuring mitmproxy for secure connections

1. To get mitmproxy working for secure sites, you need to make a fake SSL certificate for the site you want to sniff and this would work even when the certificate is invalid because of the reasons given in Priyank's blog which you can go through.

2. So now follow the steps given below to create your fake certificate:

   openssl genrsa -out myown.cert.key 8192
   openssl req -new -x509 -key myown.cert.key -out fakesite.cert

   Specify all values like Company, BU, Country etc, as they appear in real certificate

   cat myown.cert.key fakesite.cert > fakesite.pem

3. Now you can run mitmproxy using this command:

   mitmproxy -p 8888 –cert=fakesite.pem

   Note: You can use any available port number in place of 8888.

4. To connect to the network use the same port in advance options setting of the wifi network and then connect.

5. Now you would be able to see request data from the secured site as well using mitmproxy