TELE3119 Trusted Networks Lab 1(a),(b) Sniffing wireless traffic [10 points, Due Week 5] Part (a) Objective: The objective of this exercise is to setup an infrastructure for capturing the network traffic of Wi-Fi connected devices and analysing the captured traffic in order to perform a replay attack. Guidelines: You are required to work in a team of 2 members. You may have to bring and use your own laptops for this lab. Each team will be provided with an external wireless adapter to create an access point and an IoT device that can connect to the access point via Wi-Fi. Caution: It is very important to try pen-testing tools and your skills only on your own device not on unauthorized devices on the Internet. Infrastructure setup: Fig 1: lab setup Kali Linux is a linux distribution based on Debian. Kali is especially made for pen-testers -- this operating system is optimised for most of tools that are needed for penetration testing. You are required to set up a Kali OS on your computer. However, installing Kali Linux in a virtual environment (i.e. Virtual Box) is recommended instead of installing alongside your primary OS. 1
How to set up the Kali? 1. Install virtual box on your computer. You may download the application from: https://www.virtualbox.org/wiki/downloads 2. You can download the appropriate version of Kali Pre-configured virtual machines from the following link: https://www.offensive-security.com/kali-linux-vmware-virtualboximage-download/ (You can also create your own virtual machine by downloading the Kali image from official source. We recommend to use the pre-built virtual machine for this lab) 3. Extract the downloaded image and import it into your virtual box. 4. Configure the appropriate setting for the virtual machine. Recommended settings: a. RAM minimum 2GB (Find on System tab) b. Network Adapter: i. Attached to: NAT network ii. If you don t have any pre-configured NAT Network Name in your virtual box, create a new NAT Network as follows. Go to Preference of Virtual box and add a NAT network under the NETWORK tab as shown in figure below. Add NAT 5. Virtualbox extension pack extends the functionality of virtual box like providing virtual USB slots. It is required to connect the external Wi-Fi adapter to the virtual machine. 2
Thus, download and install the same version of extension pack from: https://www.virtualbox.org/wiki/downloads. 6. Now, boot your Kali machine using default credential (Username: root, Password: toor) Creating an access point: 1. Now, connect the USB wireless adapter to your computer. 2. Attach the wireless adapter to the virtual machine. (You can do this in device menu of the virtual machine) 3. Install the driver for the wireless adapter a. Download file from rtl8812au-driver-4.3.22-beta (https://drive.google.com/file/d/0b8jvbqhqjsq-zew4bdhvofjxdta/view?usp=sharing) cd rtl8812au-driver-4.3.22-beta apt-get install dkms make sudo make install sudo modprobe 8812au 4. Now wireless adapter has been attached to your kali virtual machine. You can make sure it by using ifconfig command in terminal. 5. Mana-toolkit makes easy the whole process of creating an access point. Thus, first install mana-tool kit on your Kali machine 6. Now edit the configuration of mana-toolkit. You may use an text-editor (i.e. leafpad) to open the configuration file Recommended settings: 3
interface=wlan0 bssid=00:11:22:33:44:[your-groupid] ssid = AP-[your-groupID] channel = [your-groupid mod 11] 7. Make sure that the upstream and physical interface names are entered correctly. 8. Finally execute the mana-toolkit as follows: Now you may connect your phone and IoT devices to the access point. Set up IoT devices and capture the packets: 1. Connect your mobile phone to the access point that you have created. 2. Connect the given IoT devices with the access point according to the instruction provided on the box/manual of them. 3. Use wireshark and capture the packets transmitted between your mobile phone and IoT devices 4
Part (b) Objective: Given captured traffic in part(a), you need to analyse the packet(s) corresponding to a command for the IoT device. Then, you will write a script to craft and replay a new packet over the IoT device in the lab, changing the state of the device (e.g. turning on/off a lightbulb) or accessing data from the device (e.g. collecting image from a camera). 5