
Thursday, September 4, 2014

Upside-Down-Ternet: Raspberry Pi Edition

I did a post on this a few years ago; here is an update for 2013. This walkthrough is based on the technique found here: http://www.ex-parrot.com/pete/upside-down-ternet.html

First, the disclaimer: Do not do this to any sort of important computer or network, because it WILL break things. This is meant as a prank for home use only, such as confusing your brother, sister, kids, wife, etc... Doing this to a network you don't own is a felony and could result in jail time and fines!

What it does

A small device (Raspberry Pi) powered by either a battery or a cell phone charger is connected to your network in front of the intended victim's computer, where it wreaks havoc on the victim's internet browsing. This method does not require changing any settings on any target computers.
The instructions assume that the computer you want to prank is using a DHCP-assigned IP address. If the computer is using a manually assigned IP address, the only thing that will happen is that the internet will be completely cut off, which isn't very funny. If you want to be really evil, you could put it in front of your internet router, causing all the devices that use your internet to be affected.

How it works

The Raspberry Pi is configured with a dnsmasq DHCP server, which assigns downstream computers a new IP address and gateway. A squid transparent proxy is installed on the Pi, and traffic is redirected to it using iptables. A redirection script uses mogrify to alter images and then re-hosts the images through a web server.

Equipment and Software

* Raspberry Pi Model B with Raspbian installed
* USB Ethernet Adapter
* CAT5 Patch Cable

These instructions assume that the Raspberry Pi is accessible through SSH and also has access to the internet. Installing and configuring Raspbian is out of the scope of this post. If you need help, here is a great place to start: http://www.raspbian.org/RaspbianInstaller

Prepare the Software

For best results, overclock the Pi to 800 MHz and set the memory split to 32 or 16 MB. For some reason my Raspberry Pi wouldn't boot when configured with 16 MB. Also make sure that eth1 is configured with the static IP 192.168.254.1.

Dnsmasq

Install with:
 sudo apt-get -y install dnsmasq
Add the following config to /etc/dnsmasq.conf to configure the DHCP server on eth1, which should be the USB Ethernet adapter.
 domain-needed
 interface=eth1  
 domain=upside-down-ternet

 dhcp-range=192.168.254.100,192.168.254.200,255.255.255.0,12h

Edit /etc/sysctl.conf to allow the Raspberry Pi to act as a gateway router. Add or uncomment:

 net.ipv4.ip_forward=1
Run sudo /etc/init.d/dnsmasq restart and then plug a laptop into the USB Ethernet adapter. You should get an IP in the 192.168.254.xxx range. At this point, although the gateway should be reachable, there is no NAT configuration, so you won't be able to access the internet.
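Seen from the side of whoever runs the real network, that new 192.168.254.xxx lease is the giveaway: a DHCP reply whose server identifier is not your own DHCP server. The sketch below is an added example (not part of the original walkthrough) that parses a DHCP reply and flags one from an unlisted server; the allowlisted address 192.168.1.1 and both sample packets are constructed for the demo.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
KNOWN_SERVERS = {"192.168.1.1"}   # assumption: the LAN's one legitimate DHCP server

def parse_dhcp(payload):
    """Return (yiaddr, {option_code: raw_value}) for a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                           # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return yiaddr, options

def _ip(raw):
    return str(ipaddress.IPv4Address(raw[:4])) if len(raw) >= 4 else None

def check_reply(payload, known_servers=KNOWN_SERVERS):
    """Flag DHCPOFFER (2) / DHCPACK (5) replies from a server not on the allowlist."""
    yiaddr, opts = parse_dhcp(payload)
    msg_type = (opts.get(53) or b"\x00")[0]          # option 53 = message type
    server = _ip(opts.get(54, b""))                  # option 54 = server identifier
    return {"type": msg_type, "offered": yiaddr, "server": server,
            "router": _ip(opts.get(3, b"")),         # option 3 = default gateway
            "rogue": msg_type in (2, 5) and server not in known_servers}

def build_offer(server, offered, router):
    """Constructed DHCPOFFER used as sample input (not captured traffic)."""
    pack = lambda a: ipaddress.IPv4Address(a).packed
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x12345678, 0, 0,
                        bytes(4), pack(offered), pack(server), bytes(4),
                        bytes(16), bytes(64), bytes(128))
    opts = (b"\x35\x01\x02" + b"\x36\x04" + pack(server) + b"\x03\x04" + pack(router)
            + b"\x01\x04" + pack("255.255.255.0") + b"\xff")
    return fixed + MAGIC_COOKIE + opts

if __name__ == "__main__":
    for srv, ip in (("192.168.1.1", "192.168.1.50"), ("192.168.254.1", "192.168.254.100")):
        print(check_reply(build_offer(srv, ip, srv)))
```

On a live network the payloads would come from a capture of UDP port 68 traffic; switches with DHCP snooping enforce the same allowlist at the port level.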

Squid

Install squid, iptables, and imagemagick:
 sudo apt-get -y install squid3 iptables imagemagick

Edit /etc/squid3/squid.conf and copy the text below. This configures squid to act as a transparent proxy with no caching. It also specifies the redirect script at /etc/squid3/upsidedown.pl, which is created further down.
 cache_mgr dustin
 cachemgr_passwd dustin all
 cache deny all
 redirect_program /etc/squid3/upsidedown.pl
 acl manager proto cache_object
 acl localhost src 127.0.0.1/32 ::1
 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 acl localnet src 192.168.254.0/24 # RFC1918 possible internal network
 acl SSL_ports port 443
 acl Safe_ports port 80  # http
 acl Safe_ports port 21  # ftp
 acl Safe_ports port 443  # https
 acl Safe_ports port 70  # gopher
 acl Safe_ports port 210  # wais
 acl Safe_ports port 1025-65535 # unregistered ports
 acl Safe_ports port 280  # http-mgmt
 acl Safe_ports port 488  # gss-http
 acl Safe_ports port 591  # filemaker
 acl Safe_ports port 777  # multiling http
 acl CONNECT method CONNECT
 http_access allow manager localhost
 http_access deny manager
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access allow localnet
 http_access allow localhost
 http_access deny all
 http_port 3128 transparent
 cache_mem 64 MB
 #cache_dir ufs /var/spool/squid3 150 16 256
 coredump_dir /var/spool/squid3
 refresh_pattern ^ftp:  1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
 refresh_pattern .  0 20% 4320

Iptables

Create a file iptables.sh and copy the text below:
#!/bin/sh
# NAT: masquerade traffic leaving the Pi
iptables -t nat -A POSTROUTING -j MASQUERADE
# squid transparent proxy: send port-80 traffic arriving on wlan0 or eth1 to squid on port 3128
iptables -t nat -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.254.1:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Hit ctrl-o to save the file, then ctrl-x to exit. Now the file needs to be made executable and copied to an appropriate location.

chmod +x iptables.sh
sudo cp iptables.sh /etc/init.d/

Apply the configuration at boot:

sudo update-rc.d iptables.sh defaults 99

Upside Down Redirection Script

First make sure Apache and Perl are installed:
 sudo apt-get install apache2 perl
Create a directory for the modified images and assign permissions:
 sudo mkdir /var/www/images
 sudo chmod 777 /var/www/images
Create the redirection script:
 sudo nano /etc/squid3/upsidedown.pl
Paste this code:
#!/usr/bin/perl
# Squid redirector: reads one request per line on stdin and prints
# the URL squid should fetch instead.
$|=1;           # unbuffered output, squid waits for each reply line
$count = 0;     # per-request counter, keeps local file names unique
$pid = $$;      # process id, keeps names unique across redirector processes
while (<>) {
        chomp $_;
        # For each image type: download the original, flip it with mogrify,
        # and point squid at the local copy served by Apache.
        if ($_ =~ /(.*\.jpg)/i) {
                $url = $1;
                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpg", "$url");
                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpg");
                print "http://127.0.0.1/images/$pid-$count.jpg\n";
        }
        elsif ($_ =~ /(.*\.gif)/i) {
                $url = $1;
                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.gif", "$url");
                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.gif");
                print "http://127.0.0.1/images/$pid-$count.gif\n";
        }
        elsif ($_ =~ /(.*\.png)/i) {
                $url = $1;
                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.png", "$url");
                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.png");
                print "http://127.0.0.1/images/$pid-$count.png\n";
        }
        elsif ($_ =~ /(.*\.jpeg)/i) {
                $url = $1;
                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpeg", "$url");
                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpeg");
                print "http://127.0.0.1/images/$pid-$count.jpeg\n";
        }
        else {
                # Not an image: pass the request through unchanged.
                print "$_\n";
        }
        $count++;
}

Press ctrl-o to save, then ctrl-x to exit. Make the script executable:
 sudo chmod +x /etc/squid3/upsidedown.pl

Reboot the Raspberry Pi and make sure everything starts up automatically. Most images should now be shown upside down!
