Home network and Raspberry Pi
Daniele Albrizio
daniele@albrizio.it
By Evan-Amos - Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=56262833
2
What exactly is Raspberry Pi?
● The Raspberry Pi Foundation is a charity
founded in 2009 to promote the study of basic
computer science in schools, and is responsible
for developing a single-board computer called
the Raspberry Pi, the UK's best-selling PC of all
time.
3
Raspberry Pi 3 2016
● 1.2 GHz 64-bit quad-core ARM Cortex-A53
● 500 MHz SDRAM
● SoC Broadcom BCM2837
● GPU Broadcom VideoCore IV @ 250 MHz (BCM2837: 3D
part of GPU @ 300 MHz, video part of GPU @ 400 MHz),
1080p30 H.264/MPEG-4 AVC high-profile decoder and
encoder
● 1GB SDRAM shared with GPU
● 4xUSB 2.0
● 15-pin MIPI camera interface (CSI) connector
4
Raspberry Pi 3 2016
● HDMI (rev 1.3), composite video (3.5 mm
TRRS jack), MIPI display interface (DSI) for raw
LCD panels
● Analog audio via 3.5 mm phone jack; digital via
HDMI
● MicroSDHC slot
● 10/100 Mbit/s Ethernet
5
Raspberry Pi 3 2016
● 17 x GPIO
● 300 mA (1.5 W) average when idle, 1.34 A (6.7
W) maximum under stress
● Powered by 5 V via MicroUSB or GPIO header
● Bluetooth 4.1
● 802.11n wireless
6
Privacy concerns in a home network
● What are all my devices really doing on my
network?
● Are all network flows licit?
● What can I do to limit information leakage and
uncontrolled behaviour?
7
Needs
● Isolate my (trusted?) DSL router and main PC
from untrusted wireless devices like smartphones
and IoT gadgets (forwarding, NAT, hostapd)
● Traffic analysis and consciousness (Wireshark)
● Firewalling (iptables at the moment)
● Bonus:
– Ad removal (Pi-hole)
9
Shopping list
● Raspberry Pi 3
● Heat sinks
● Case
● SDCard
● USB power supply
10
Base Distro
● Raspbian (base)
● Kali (some VA, i.e. vulnerability assessment, and security testing)
● https://www.offensive-security.com/kali-linux-arm-images/
● https://docs.kali.org/kali-on-arm/install-kali-linux-arm-raspberry-p
– # dd if=kali-xxxxx-rpi.img of=/dev/sdX bs=512k
– Where sdX is your SD card device: please be
absolutely sure which device is your SD card before
flashing: writing to the wrong device destroys its data.
● Insert your SD card and power on your Raspberry
11
First steps
● Bind the Raspberry IP on your DSL router DHCP
(reservation)
● Access via SSH using user root, password toor,
with no keyboard or monitor attached
● Install hostapd, tcpdump, isc-dhcp-server
– sudo apt install hostapd tcpdump isc-dhcp-server
● Install your PC's authorized key in the Raspberry (optional)
– ssh-copy-id -i ~/.ssh/id_rsa.pub root@kalihost
12
Disable Network Manager for the Wi-Fi interface to avoid conflicts
● After editing the file below: service network-manager restart
#/etc/NetworkManager/nm-system-settings.conf
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=false
[keyfile]
# MAC address of wlan0 (example value): NetworkManager leaves this device alone
unmanaged-devices=mac:8a:70:95:99:99:99
13
Configure NAT and IP address for the wireless LAN interface
# file /etc/network/interfaces
auto wlan0
iface wlan0 inet static
address 10.5.5.1
netmask 255.255.255.0
post-up iptables -t nat -A POSTROUTING -s 10.5.5.0/24 -o eth0 -j MASQUERADE
By Yangliy at English Wikibooks - Transferred from en.wikibooks to Commons., Public Domain, https://commons.wikimedia.org/w/index.php?curid=61795881
14
IP Forwarding (like a router)
● In /etc/sysctl.d/99-sysctl.conf (on Debian-based systems, Kali included,
a symlink to /etc/sysctl.conf, so the reload below reads the same file)
– net.ipv4.ip_forward=1
● Reload parameters
– sysctl -p /etc/sysctl.conf
● Verify the parameter is “1”
– cat /proc/sys/net/ipv4/ip_forward
15
Enable DHCP server on wlan0
● Enable the DHCP server at boot
– sudo update-rc.d isc-dhcp-server enable
● Start the DHCP server
– sudo service isc-dhcp-server start
#/etc/dhcp/dhcpd.conf
subnet 10.5.5.0 netmask 255.255.255.0 {
range 10.5.5.26 10.5.5.36;
option domain-name-servers 10.5.5.1;
#option domain-name-servers 8.8.8.8, 8.8.4.4;
option domain-name "internal.example.org";
option routers 10.5.5.1;
option broadcast-address 10.5.5.255;
default-lease-time 600;
max-lease-time 7200;
}
#/etc/default/isc-dhcp-server
INTERFACESv4="wlan0"
16
Enable Wi-Fi Access Point
● Insert DAEMON_CONF="/etc/hostapd/hostapd.conf"
in /etc/default/hostapd
● Modify and customize hostapd.conf (see next slide)
● Enable startup on boot
– sudo update-rc.d hostapd enable
● Start the access point
– sudo service hostapd start
17
/etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=trap
hw_mode=g
ieee80211n=1
wmm_enabled=1
# Low priority / AC_BK = background
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
[…]
macaddr_acl=0
ignore_broadcast_ssid=0
# wpa=2 selects WPA2 (RSN) only, so rsn_pairwise is what applies;
# wpa=1 would mean WPA1/TKIP only and ignore rsn_pairwise
wpa=2
wpa_passphrase=lamiapassphrasesegreta
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
# 802.11w management frame protection: 0 = disabled, 1 = optional, 2 = required
ieee80211w=0
#ap_isolate=1
# fixed channel; the acs_* and chanlist options are only consulted when channel=0
channel=6
acs_num_scans=5
acs_chan_bias=1:0.8 6:0.8 11:0.8
chanlist=1 6 11
By Maripo GODA - Own work, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=18774788
18
Traffic dump and sniff
● Use the following script to remotely dump traffic from your
Raspberry (tcpdump runs on the Pi) and show it live in the
Wireshark on your PC
– Your Raspberry being 192.168.1.5 and your PC being
192.168.1.10
#!/bin/sh
# Exclude both ends of the SSH sessions so the capture does not feed back on itself.
# The filter is quoted twice so it reaches the remote tcpdump as a single argument.
ssh root@192.168.1.5 "tcpdump -U -s0 -i wlan0 -w - \
  'not ((host 192.168.1.5 and port 22) or (host 192.168.1.10 and port 22))'" \
  | wireshark -k -i -
19
Wireshark
● Industry standard sniffer
● Provides highlighting, correlation, decoding,
filtering, etc.
● Multiplatform (Linux, Windows, macOS)
● Provides statistics and flow analysis
20
I need you
● Connectivity-hungry apps start talking as soon as a
smartphone connects:
21
Connectivity Check without SSL
● Request:
GET /generate_204 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36
Host: connectivitycheck.gstatic.com
Connection: Keep-Alive
Accept-Encoding: gzip
● Response:
HTTP/1.1 204 No Content
Content-Length: 0
Date: Fri, 27 Oct 2017 18:48:06 GMT
22
YeeLight strange pattern
● I thought I bought a LAN controlled light
● A WAN one I got
23
Who the hell is this one?
● $ geoiplookup 52.221.85.229
– GeoIP Country Edition: SG, Singapore
● $ host 52.221.85.229
– 229.85.221.52.in-addr.arpa domain name pointer
ec2-52-221-85-229.ap-southeast-1.compute.amazonaws.com.
24
Further findings
● Telegram uses non-TLS encryption on TCP port 80
● WhatsApp sometimes uses Google DNS (8.8.8.8)
to reach its servers
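As an added example (my code, not from the talk), the following Python script does offline what the tcpdump/Wireshark pipeline above does interactively: it parses a pcap as written by tcpdump -w, aggregates flows per destination, and flags clients on the 10.5.5.0/24 access-point subnet that talk to public addresses, which is how the "LAN" bulb reaching the AWS address 52.221.85.229 shows up. The capture bytes are constructed inline; the client address 10.5.5.26 and port 8080 are assumed values.

```python
import struct
import ipaddress
PROTO = {6: "tcp", 17: "udp"}

def _frame(src, dst, proto, sport, dport, payload=b""):
    """Build an Ethernet/IPv4 frame with a minimal TCP or UDP header (checksums left at 0)."""
    l4 = (struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) if proto == 6
          else struct.pack("!HHHH", sport, dport, 8 + len(payload), 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 1, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4 + payload

def sample_capture():
    """Constructed pcap (little-endian, linktype 1 = Ethernet) standing in for 'tcpdump -w -' output."""
    frames = [_frame("10.5.5.26", "10.5.5.1", 17, 5353, 53, b"dns?"),          # DNS to the Pi
              _frame("10.5.5.26", "52.221.85.229", 6, 40001, 443, b"x" * 100),  # to AWS Singapore
              _frame("10.5.5.26", "52.221.85.229", 6, 40001, 443, b"y" * 300),
              _frame("10.5.5.26", "10.5.5.30", 6, 40002, 8080)]                 # stays on the LAN
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1509130086 + i, 0, len(f), len(f)) + f
    return out

def flows(pcap):
    """Aggregate (src, dst, proto, dport) -> (packets, bytes) from Ethernet/IPv4 pcap bytes."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    table, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 frames (ARP, IPv6)
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src, dst = ipaddress.ip_address(frame[26:30]), ipaddress.ip_address(frame[30:34])
        l4 = frame[14 + ihl:]
        dport = struct.unpack("!H", l4[2:4])[0] if proto in PROTO and len(l4) >= 4 else 0
        key = (str(src), str(dst), PROTO.get(proto, str(proto)), dport)
        p, b = table.get(key, (0, 0))
        table[key] = (p + 1, b + incl)
    return table

def wan_flows(table, lan="10.5.5.0/24"):
    """Flows from the AP subnet to a public address: the pattern that exposed the 'LAN' bulb."""
    return sorted(k for k in table if ipaddress.ip_address(k[0]) in ipaddress.ip_network(lan)
                  and not ipaddress.ip_address(k[1]).is_private)
```

Feed it a real file with `flows(open("dump.pcap", "rb").read())`; anything wan_flows() returns for a device sold as LAN-only deserves the geoiplookup/host treatment from the previous slide.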
25
Ads and Privacy
● Profiling
– Cookies
– Referrals
– Javascripts
– Biometrics (fingerprinting of mouse movements or keyboard typing)
By Nicolasbuenaventura - Own work, CC BY-SA 3.0,
https://commons.wikimedia.org/w/index.php?curid=32181778
26
Bonus track: Pi-Hole
● Advertising blackholing
● Runs on the access point itself
● Web interface
● Extensive statistics
● Customizable lists, white and black ones
● Disable button
27
Install Pi-hole
● Download and install Pi-hole
– curl -sSL https://install.pi-hole.net | bash
● Customize /etc/pihole/setupVars.conf to use the wlan0 addresses
– PIHOLE_INTERFACE=wlan0
– IPV4_ADDRESS=10.5.5.1/24
● Change the Pi-hole web interface management password
– pihole -a -p somepasswordhere
● You can also remove the password by not passing an argument
– pihole -a -p
● Point your browser at http://192.168.1.5/admin
38
Spare space for fun
● Security Webcam using motion
● Plenty of GPIO space
39
What we learned to improve our privacy consciousness
● What the Raspberry Pi is
● How to install Kali Linux on a Raspberry Pi 3
● How to set up a wireless router using NAT and DHCP
● How to sniff and read real-time traffic patterns
● Ad suppression
● ...
40
This work is released under the Creative Commons Attribution - NonCommercial -
ShareAlike 3.0 Italy licence. To read a copy of the licence visit the website
http://creativecommons.org/licenses/by-nc-sa/3.0/it/ or send a letter to
Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Some images have
different usage licences, which are indicated on the images themselves.
Daniele Albrizio
daniele@albrizio.it
Questions?
41
Further readings
● Yeelight hardware and software reverse
engineered
– https://hackernoon.com/inside-the-bulb-adventures-in-re
– https://github.com/OpenMiHome/mihome-binary-protoco

Rete di casa e raspberry pi - Home network and Raspberry Pi