RaspberryPi-Packet-Sniffer | An HTTP and HTTPS sniffing tool created using a Raspberry Pi

Now after the Pi has completed the boot process, a login will appear where you can use the default settings for login into the Pi: Username - pi, Password - raspberry. When you have succeessfully logged in, you will see the command line prompt pi@raspberrypi~$. Now once you are logged into you Pi, run. to update your Pi to the newest available updates. If you have an ethernet cable plugged in into your Pi, you can start the web browser and see if the internet is working or not. Now type ifconfig in the terminal and note the IP address of your Pi in the eth0 interface(this would be the IP address of the Pi). You now want to create a wifi-hotspot using the wifi-card on the Pi. This can be achieved using a service called hostapd but you don't just want the hotspot, you also want the internet access through the wireless access point. You also install the dnsmasq service for this purpose which is an easy to configure DNS and DHCP server. Use the following command and hit y when prompted to do so. The next step you need to do is to provide your wlan0 interface with a static IP. We already have our raspberry pi connected to the ethernet cable from whihc we will be sharing our internet. We will be using dhcpcd(most feature-rich open source DHCP client) to configure our interface configuration so open it up using.
A class 4 Micro SD card of at least 8GB size
A Raspberry Pi 3 board (obviously, but you can also do the same with a lower model Pi along with a wifi-dongle)
A USB cable with an adapter to power the Pi up
Keyboard and Mouse (USB)
A Monitor or a TV as a display for thr Pi
Display connection cables: HDMI cable/ HDMI to VGA converter(if your monitor does not have an HDMI port)
Ethernet cable if you want to access internet through ethernet on the Pi which actualy we do want(Pi 3 comes with a built-in wireless LAN card which is very useful for our purpose, otherwise we would have needed a Wifi-Dongle)
You need to install the latest version of NOOBS or Raspbian on your Pi, and for that you need a bootable SD card with the OS installed on it
You need to format your SD card first. Download SD Formatter 4.0 for either Windows or Mac and install it
Follow the instructions on the software and using a USB Micro SD card reader or an adapter, format the SD card using your laptop or PC
Now you need to install the image of the OS on the Micro SD card. Download the image of the OS from the official website
Download the Win32 Disk Imager and install it on your computer. Now run the application and choose the OS image and the SD card drive from the drop down or browse menu and click on write
Now you have your OS on the SD card and you are ready to use it to boot your Pi
Slot in your Micro SD card into the slot provided on the Raspberry Pi which would fit in only one way
Plug in your USB keyboard and mouse in the port provided on the Pi
Now for display, connect the HDMI cable from the Pi to the Monitor or TV depending on what you are using (you need to make sure that your monitor/TV is turned on and the appropriate mode is selected for display(HDMI/VGA/etc.))
Now plug in the ethernet cable into the ethernet port provided on th Pi next to the USB ports (you can know if its working if your Pi shows a flickering green light when turned on)
When all these cables are plugged in properly, you are ready to fire up the Pi. Just plug in the micro USB power supply and this would turn on and boot your Raspberry Pi
Now after the Pi has completed the boot process, a login will appear where you can use the default settings for login into the Pi: Username - pi, Password - raspberry
When you have succeessfully logged in, you will see the command line prompt pi@raspberrypi~$
Now once you are logged into you Pi, run sudo apt-get update and sudo apt-get upgrade to update your Pi to the newest available updates
If you have an ethernet cable plugged in into your Pi, you can start the web browser and see if the internet is working or not
Now type ifconfig in the terminal and note the IP address of your Pi in the eth0 interface(this would be the IP address of the Pi)
You now want to create a wifi-hotspot using the wifi-card on the Pi. This can be achieved using a service called hostapd but you don't just want the hotspot, you also want the internet access through the wireless access point. You also install the dnsmasq service for this purpose which is an easy to configure DNS and DHCP server
Use the following command and hit y when prompted to do so sudo apt-get install dnsmasq hostapd
The next step you need to do is to provide your wlan0 interface with a static IP. We already have our raspberry pi connected to the ethernet cable from whihc we will be sharing our internet
We will be using dhcpcd(most feature-rich open source DHCP client) to configure our interface configuration so open it up using sudo nano /etc/dhcpcd.conf
We need to tell it that our wlan0 has a static IP. So add these lines to it at the bottom of the file: interface wlan0 static ip_address=172.24.1.1/24
We also need to prevent wpa_supplicant from running and interfering with setting up wlan0 in access point mode. To do this open up the interface configuration file with sudo nano /etc/network/interfaces and comment out the line containing wpa-conf in the wlan0 section, so that it looks like this allow-hotplug wlan0 iface wlan0 inet manual # wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
Now restart dhcpcd with sudo service dhcpcd restart and it should assign wlan0 with a static IP address
Now we need to configure hostapd. Change the configuration file for hostapd using sudo nano /etc/hostapd/hostapd.conf with the contents given in the hostapd.conf file
To check whether all we've been doing is working or not, just run this command sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf If everything goes well, you should be able to see the network Pi3-AP from your mobile phone or laptop device. You can try connecting to it in whoch case you would see some output from the Pi but you won't be allotted an IP address until we configure dnsmasq. So press Ctrl + c to stop it
Right now, hostapd is not configured to work on a fresh boot. So we also need to tell hostapd where to look for the config file when it starts up on boot. Open up the default configuration file with sudo nano /etc/default/hostapd and find the line #DAEMON_CONF="" and replace it with DAEMON_CONF="/etc/hostapd/hostapd.conf" and this would do the job
The dnsmasq config file that comes preinstalled contains a lot of functionalities that we don't require at all so we delete it and create a new one using and paste the contents of dnsmasq.conf into it: sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig sudo nano /etc/dnsmasq.conf
Now we need to enable packet forwarding. For this we need to open sysctl.conf using: sudo nano /etc/sysctl.conf and uncommenting the line net.ipv4.ip_forward=1 and it will be enabled on the next boot
But to enable it for this session we quickly do: sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
Now we also need to share our Pi's internet to the devices connected to it throught the Wifi by configuring a NAT between the eth0 and wlan0 interface. We do this using the following commands: sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
But to enable the above settings everytime we boot, we need to do: sudo sh -c "iptables-save > /etc/iptables.ipv4.nat" and this will copy the settings to iptables.ipv4.nat file
now we need dhcpcd to run this and we do this by opening: sudo nano /lib/dhcpcd/dhcpcd-hooks/70-ipv4-nat and adding this to the file and saving it: iptables-restore < /etc/iptables.ipv4.nat
now we are just one step behind sharing our internet through the Pi, just do: sudo service hostapd start sudo service dnsmasq start and reboot the Pi for rechecking everything worked correctly using: sudo reboot Now you would be able to connect to the internet through the Pi's network!
First you would need to install mitmproxy and any dependencies related to it: sudo pip install mitmproxy
Now we need to set up a transparent proxy using the iptables which can be done using the commands in the mitm.sh file
Now run the mitm.sh file using: sudo ./mitm.sh
Now connect your phone to the Pi's hotspot and open your browser and browse some sites and you will see the data being generated in the console will all the http requests and responses
You can use the mitmproxy documentation for more information on how to use, look and store the data collected by mitmproxy
So we are set up as a man in the middle for the users connected to our Pi's network. But note here that we are only able to get information about the HTTP requests and not the HTTPS requests which are encrypted and need further hacking to break into which we do below
To get mitmproxy working for secure sites, you need to make a fake SSL certificate for the site you want to sniff and this would work even when the certificate is invalid because of the reasons given in Priyank's blog which you can go through
So now follow the steps given below to create your fake certificate: openssl genrsa -out myown.cert.key 8192 openssl req -new -x509 -key myown.cert.key -out fakesite.cert Specify all values like Company, BU, Country etc, as they appear in real certificate cat myown.cert.key fakesite.cert > fakesite.pem
Now you can run mitmproxy using this command: mitmproxy -p 8888 –cert=fakesite.pem Note: You can use any available port number in place of 8888
To connect to the network use the same port in advance options setting of the wifi network and then connect
Now you would be able to see request data from the secured site as well using mitmproxy
Raspberry Pi Official Documentation
Frillip's Blog
Marxy's Blog
Priyank's Blog