
Mini AirSniff: portable access point packet sniffer

Mini AirSniff is a portable traffic analyzer and penetration testing box.

Notice:
I am not responsible for any kind of damage. You choose to follow this guide at your own risk.
This guide is made for educational purposes only.

Mini AirSniff works this way: a PC connects to the TL-MR3020 over Wi-Fi and browses the internet through it. By using software like tcpdump, all of that traffic can be captured.

The distribution used for performing all the operations was Debian Testing.

Hardware required:
Tp-Link TL-MR3020
USB flash drive 4Gb (the Cruzer Fit is recommended for small size)

Repartition the USB flash drive as follows:
Partition 1: Linux Swap Device
Partition 2: ext4

Insert the USB stick into the router

Download the OpenWrt image for the TP-Link MR3020 from
http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/

Download the files:
openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin
openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

Download airsniff.tar from this link:
http://www.hangelot.eu/immagini/airsniff.tar

You should already have OpenWrt installed, with SSH enabled by setting the system password with the passwd command.

Connect via SSH to the system:
ssh root@192.168.1.1

In the OpenWrt terminal, go to the tmp directory:
cd /tmp

Open a new terminal on the PC and go to the directory where you downloaded the files.

Execute this command:
rcp openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin root@192.168.1.1:/tmp/

Now flash the ROM:
mtd -r write /tmp/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin firmware

After the restart, reconnect to the router using the following command:
telnet 192.168.1.1

Enable SSH by assigning a new password:
passwd

Now copy the sysupgrade image to OpenWrt:
rcp openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/

Execute sysupgrade:
sysupgrade -v /tmp/openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-sysupgrade.bin

Wait until the router has rebooted, then reconnect via SSH:
ssh root@192.168.1.1

Copy airsniff.tar to /usr/share.
From a new terminal on the PC, go to the directory where the airsniff.tar file is located.
Execute this command:
rcp airsniff.tar root@192.168.1.1:/usr/share

From the OpenWrt terminal, type:
cd /usr/share
tar -xf airsniff.tar

Copy the MAC address of the wireless card so that you can put it in the new configuration file. To do this, wifi must first be enabled in the file /etc/config/wireless:
vi /etc/config/wireless

Find these lines:
# REMOVE THIS LINE TO ENABLE WIFI
option disabled 1

Insert the # as shown here:
# REMOVE THIS LINE TO ENABLE WIFI
# option disabled 1

Save with :wq! and press enter.
Execute these commands:
wifi
ifconfig wlan0

Copy the MAC address into a text file.

Execute these commands:
cd /usr/share/airsniff
cp -f /etc/config/dhcp /etc/config/dhcp.orig
cp -f /etc/config/firewall /etc/config/firewall.orig
cp -f /etc/config/fstab /etc/config/fstab.orig
cp -f /etc/config/network /etc/config/network.orig
cp -f /etc/opkg.conf /etc/opkg.conf.orig
cp -f /etc/profile /etc/profile.orig
cp -f /etc/config/wireless /etc/config/wireless.orig
cp -f ./dhcp.0 /etc/config/dhcp
cp -f ./firewall.0 /etc/config/firewall
cp -f ./fstab.0 /etc/config/fstab
cp -f ./network.0 /etc/config/network
cp -f ./opkg.conf.0 /etc/opkg.conf
cp -f ./profile.0 /etc/profile
cp -f ./wireless.0 /etc/config/wireless

Edit the file /etc/config/wireless:
vi /etc/config/wireless

Insert the MAC address in the line:
option macaddr 'insert your mac here'

Save with :wq! and press enter.

Check that wlan0 has an assigned IP address by executing these commands:
wifi
ifconfig wlan0

Now turn off the router, connect the ethernet cable to the LAN and turn it on.

The wifi network is now 192.168.20.0/24.
Connect to the router over wifi and log in via SSH:
ssh root@192.168.20.1

Execute these commands:
cd /usr/share/airsniff
opkg update
opkg install kernel
opkg install kmod-usb-storage
opkg install kmod-fs-ext4
opkg install block-mount
mkdir /mnt/usb
/etc/init.d/fstab enable
/etc/init.d/fstab start
ls /mnt/usb

Check that the USB stick is mounted by running "mount" or "df".

Execute these commands:
cd /usr/share/airsniff
ln -s /mnt/usb /opt
ln -s /etc /mnt/usb/etc
opkg update
opkg install netcat
opkg -dest usb install tar
opkg -dest usb install openssh-sftp-client
opkg -dest usb install nmap
opkg -dest usb install tcpdump
opkg -dest usb install aircrack-ng
opkg -dest usb install kismet-client
opkg -dest usb install kismet-server
opkg -dest usb install perl
opkg -dest usb install openvpn
opkg -dest usb install nbtscan
opkg -dest usb install snort
opkg -dest usb install karma
opkg -dest usb install samba36-client
opkg -dest usb install elinks
opkg -dest usb install yafc
ln -s /mnt/usb/usr/share/nmap /usr/share/nmap

Now mini AirSniff is ready for use.
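
The firmware images in the download step come over plain HTTP and are then written straight to flash with mtd and sysupgrade, so it is worth comparing them against a checksum list before the rcp steps. The script below is an added example, not part of the original guide. It assumes a checksum list in md5sum's usual layout has been saved next to the images; the file name md5sums and the helper names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide: check a downloaded image
# against a checksum list before copying it to the router and flashing it.
# Assumption: the list uses md5sum's layout, "<32 hex digits> *<filename>"
# (or two spaces instead of " *"), one entry per line.

# expected_md5 LIST FILE: print the hash recorded for FILE's basename,
# or return 1 if the list has no well-formed entry for it.
expected_md5() {
    name=$(basename "$2")
    awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }   # drop the binary-mode marker
        f == n && length($1) == 32 && $1 ~ /^[0-9a-fA-F]+$/ {
            print tolower($1); found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# verify_image LIST FILE: 0 = match, 1 = mismatch,
# 2 = list or image unreadable, 3 = image not listed.
verify_image() {
    list=$1
    file=$2
    [ -r "$list" ] && [ -r "$file" ] || { echo "unreadable: $list or $file" >&2; return 2; }
    want=$(expected_md5 "$list" "$file") || { echo "no entry for $file in $list" >&2; return 3; }
    have=$(md5sum "$file" | awk '{ print tolower($1) }')
    if [ "$want" = "$have" ]; then
        echo "OK   $file"
    else
        echo "FAIL $file (expected $want, got $have)" >&2
        return 1
    fi
}

# Usage on the PC, in the download directory, before the rcp steps:
#   sh verify.sh md5sums openwrt-ar71xx-generic-tl-mr3020-v1-squashfs-factory.bin
if [ "$#" -ge 2 ]; then
    verify_image "$1" "$2"
fi
```

A list fetched over the same HTTP channel as the image only catches corruption in transit or on disk; it does not authenticate the server that supplied both files.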