Upside-Down-Ternet: Raspberry Pi Edition

I did a post on this a few years ago, here is an update for 2013. This walkthrough is based on the technique found here: http://www.ex-parrot.com/pete/upside-down-ternet.html

First the disclaimer: Do not do this to any sort of important computer or network, because it WILL break things. This is meant as a prank for home use only; such as confusing your brother, sister, kids, wife, etc... Doing this to a network you don't own could be considered a serious offense by your local law enforcement, and could result in fines or imprisonment.

What it does

A small device (Raspberry Pi) powered by either a battery or cell phone charger is connected to your network in front of the intended victim's computer, which will wreak havoc on your victim's internet browsing. This method does not require changing any settings on any target computers. 

The instructions assume that the computer you want to prank is using a DHCP assigned IP address. If the computer is using a manually assigned IP address, the only thing that will happen is the internet will be completely cut off - which isn't very funny. If you want to be really evil, you could put it in front of your internet router, causing all the devices that use your internet to be effected. 

How it works

The Raspberry Pi is configured with with a dnsmasq DHCP server which will assign downstream computers a new IP address and gateway. A squid transparent proxy is installed on the Pi where traffic is redirected using iptables. A redirection script uses mogrify to alter images and then re-hosts the images through the a web server. 

Equipment and Software

* Raspberry Pi Model B with Raspbian installed

* USB Ethernet Adapter

* CAT5 Patch Cable

These instructions assume that the Raspberry Pi is accessible through SSH, and also has access to the internet. Installing and configuring Raspbian is out of the scope of this post. If you need help, here is a great place to start: http://www.raspbian.org/RaspbianInstaller

Prepare the Software

For best results, overclock the pi to 800Mhz, and set to memory split to 32 or 16MB. For some reason my raspberry pi wouldn't boot when configured with 16MB. Also make sure that eth1 is configured with static IP 192.168.254.1.

Dnsmasq

Install with:

 sudo apt-get -y install dnsmasq
Add the following config to /etc/dnsmasq.conf to configure the dhcp server on eth1, which should be the USB ethernet adapter.
 domain-needed
 interface=eth1  
 domain=upside-down-ternet

 dhcp-range=192.168.254.100,192.168.254.200,255.255.255.0,12h

Edit /etc/sysctl.conf to allow the Raspberry Pi to act as a gateway router. Add or uncomment:

 net.ipv4.ip_forward=1

Type /etc/init.d/dnsmasq restart and then plug a laptop into the USB ethernet adapter. You should get an IP in the 192.168.254.xxx range. At this point although the gateway should be reachable, there is no NAT configuration so you won't be able to access the internet.

Squid

Install squid, iptables, and imagemagick:

 sudo apt-get -y install squid3 iptables imagemagick

Edit /etc/squid3/squid.conf and copy the text below. This configures squid to act as a transparent proxy with no caching. It also specifies a redirect script at /etc/squid3/upsidedown.sh.
 cache_mgr dustin
 cachemgr_passwd dustin all
 cache deny all
 redirect_program /etc/squid3/upsidedown.sh
 acl manager proto cache_object
 acl localhost src 127.0.0.1/32 ::1
 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
 acl localnet src 192.168.254.0/24 # RFC1918 possible internal network
 acl SSL_ports port 443
 acl Safe_ports port 80  # http
 acl Safe_ports port 21  # ftp
 acl Safe_ports port 443  # https
 acl Safe_ports port 70  # gopher
 acl Safe_ports port 210  # wais
 acl Safe_ports port 1025-65535 # unregistered ports
 acl Safe_ports port 280  # http-mgmt
 acl Safe_ports port 488  # gss-http
 acl Safe_ports port 591  # filemaker
 acl Safe_ports port 777  # multiling http
 acl CONNECT method CONNECT
 http_access allow manager localhost
 http_access deny manager
 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 http_access allow localnet
 http_access allow localhost
 http_access deny all
 http_port 3128 transparent
  cache_mem 64 MB
 #cache_dir ufs /var/spool/squid3 150 16 256
 coredump_dir /var/spool/squid3
 refresh_pattern ^ftp:  1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
 refresh_pattern .  0 20% 4320

Iptables

Create a file iptables.sh and copy the text below:

#nat
iptables -t nat -A POSTROUTING -j MASQUERADE
#squid transparent proxy
iptables -t nat -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.254.1:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Hit ctrl-o to save the file, then ctrl-x to exit. Now the file needs to be made executable and copied to an appropriate location.

chmod +x iptables.sh
sudo cp iptables.sh /etc/init.d/

Apply the configuration at boot:

sudo update-rc.d iptables.sh start 99

Upside Down Redirection Script

First make sure Apache and perl are installed:

 sudo apt-get install apache2 perl

Create a directory for the modified images and assign permissions:

 sudo mkdir /var/www/images

 sudo chmod 777 /var/www/images

Create the redirection script:

 sudo nano /etc/squid3/upsidedown.pl

Paste this code:

#!/usr/bin/perl

$|=1;

$count = 0;

$pid = $$;

while (<>) {

        chomp $_;

        if ($_ =~ /(.*\.jpg)/i) {

                $url = $1;

                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpg", "$url");

                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpg");

                print "http://127.0.0.1/images/$pid-$count.jpg\n";

        }

        elsif ($_ =~ /(.*\.gif)/i) {

                $url = $1;

                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.gif", "$url");

                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.gif");

                print "http://127.0.0.1/images/$pid-$count.gif\n";

        }

        elsif ($_ =~ /(.*\.png)/i) {

                $url = $1;

                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.png", "$url");

                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.png");

                print "http://127.0.0.1/images/$pid-$count.png\n";

        }

        elsif ($_ =~ /(.*\.jpeg)/i) {

                $url = $1;

                system("/usr/bin/wget", "-q", "-O","/var/www/images/$pid-$count.jpeg", "$url");

                system("/usr/bin/mogrify", "-flip","/var/www/images/$pid-$count.jpeg");

                print "http://127.0.0.1/images/$pid-$count.jpeg\n";

        }

        else {

                print "$_\n";;

        }

        $count++;

}

Press ctrl-o to save, then ctrl-x to exit. Make the script executable:

 sudo chmod +x /etc/squid3/upsidedown.pl

Reboot the raspberry pi and make sure everything starts up automatically. Most images should now be shown upside down!

Disable "Faster, Simpler Search" Tabs in Google Chrome (29.0.1547.66)

***Google has disabled the extended api fix as of Chrome 33, so this no longer works. For now the only way to change the behavior appears to be to install a New Tab Page from the Chrome store. Disappointing to say the least... ***

If you're like me, you're averse to change. So when you opened up chrome and then hit ctrl+t, you were put off for a couple seconds wondering where your recent sites were, and why is the Google logo taking up a big chunk of my screen? And why is there yet another search bar? And more clutter at the top of the screen with apps and bookmarks!?

Chrome, don't go the way of Firefox! Keep doing what you do best - which is a clean, simple, fast browser.
Here's how us people stuck in the past can get rid of all this fancy new technology.

1. In the address bar type: chrome://flags/
2. Hit CTRL-F and search for extended api
3. Select "Disabled" in the menu.
4. Click the "Relaunch Now" button that appear at the bottom of the window when a change is made

Done!

Raspberry Pi Personal Hotspot - Squid with Adzapper Config (part 2)

-- Link to Part 1 --

Here are the steps I used to finish my personal wifi hotspot. I was able to find lots of tutorials that show how to make a simple wifi to ethernet bridge, but I wanted to save the max bandwidth possible. I'll be using adzapper and a squid3 cache for bandwidth saving. I don't usually block ads, but since this is a metered internet connection I don't like the thought of paying for ads. Squid can be configured for very aggressive caching, but I have left it on the default configuration. 

Inside view of the "PiSpot". The video and audio port have been removed to save space.

Battery, 4 port USB hub, 4G dongle, and a shortened USB Cable.

Here we see the fully operational battle station -- err, PiSpot.

You can see the various components in the pictures above. I removed the plastic casings to save space. I haven't done any testing on the battery life, but it should last at least a few hours with light traffic. Here are the parts I used:

• Raspberry Pi Model B 1st generation (256MB RAM) --Model A would work as well
• 4 port USB 2.0 Hub - Iogear Model GUH285 -- I chose this because of its size and it was <$10 at Fry's.
• EasyACC BP8400 Power Bank 5600mAh Battery - Amazon Link
• Belkin F9L1005 Wifi Adapter (rtl8192cu)
• FreedomPop 4G Adapter - Amazon Link

TODO:
Charge battery without opening case.
Power button so the the unit can be turned on or off without opening the case.

This post will assume that you are already able to connect to the Raspberry Pi WiFi network that was created in part 1.

Install Software

Make sure squid and adzapper are installed

apt-get install squid3 adzapper

Configure Squid

First make sure that the pi is configured for ip forwarding at /etc/systcl.conf. Uncomment or add:

net.ipv4.ip_forward=1

Edit /etc/squid3/squid.conf and to something similar to the config below. This config includes lines to enable adzapper and transparent proxy. Max storage size is 1.5GB. Make sure to change the IP address to your network.  **I'm sure this can be fine tuned for better bandwidth savings, let me know if you have any suggestions!

cache_mgr dustin
cachemgr_passwd dustin all
redirect_program /usr/bin/adzapper.wrapper
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.254.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 transparent
 cache_mem 128 MB
cache_dir ufs /var/spool/squid3 1500 16 256
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

Configure Adzapper

/etc/adzapper.conf should look something like this:

ZAP_MODE=""

ZAP_BASE=http://adzapper.sourceforge.net/zaps

ZAP_BASE_SSL=https://adzapper.sourceforge.net/zaps # this can probably be ignored

ZAP_PREMATCH=

ZAP_POSTMATCH=

STUBURL_AD=$ZAP_BASE/ad.gif

STUBURL_ADSSL=$ZAP_BASE_SSL/ad.gif

STUBURL_ADBG=$ZAP_BASE/adbg.gif

STUBURL_ADJS=$ZAP_BASE/no-op.js

STUBURL_ADHTML=$ZAP_BASE/no-op.html

STUBURL_ADMP3=$ZAP_BASE/ad.mp3

STUBURL_ADPOPUP=$ZAP_BASE/closepopup.html

STUBURL_ADSWF=$ZAP_BASE/ad.swf

STUBURL_COUNTER=$ZAP_BASE/counter.gif

STUBURL_COUNTERJS=$ZAP_BASE/no-op-counter.js

STUBURL_WEBBUG=$ZAP_BASE/webbug.gif

STUBURL_WEBBUGJS=$ZAP_BASE/webbug.js

Now iptables needs to be configured to route traffic through squid. Create a new file:

nano iptables.sh

Add the the rules below. Careful with line breaks when cut/pasting, there should only be 5 lines total.

#nat for wifi
iptables -t nat -A POSTROUTING -j MASQUERADE
#squid transparent cache
iptables -t nat -A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.254.1:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

Hit ctrl+o to save the file, then ctrl-x to exit. Now the file needs to be made executable and copied to an appropriate location.

chmod +x iptables.sh
sudo cp iptables.sh /etc/init.d/

Apply the configuration at boot.

sudo update-rc.d iptables.sh start 99

That should wrap it up. At this point I suggest doing a power cycle on the Pi to make sure everything comes up automatically. 

Raspberry Pi Personal WiFi Hotspot (part 1)

I recently bought a Nexus 7 16GB WiFi with the hopes that it could replace my aging and heavy laptop. My first thought for remote connectivity was to use the personal hotspot feature on my phone... until I saw the prices. $20/month on top of what I already pay for a service I will rarely use? No thanks! Here's what I did instead. I already had everything except for the 4G* usb adapter I bought off of Amazon. 

*The 4G service is Clearwire wimax (now owned by Sprint). Sprint is replacing wimax with LTE, but will be keeping the wimax online until sometime in 2015. 

Equipment
- Raspberry Pi - Model A will work for this project, but I only have a Model B. 
- 4GB or greater SDCard 
- 1A or greater micro usb phone charger. I have successfully used the stock HTC charger, and a generic 1 amp car charger with both USB devices connected directly to the  pi.
- USB WiFi Adapter - I used a Belkin F9L1005 (rtl8192cu) - I DO NOT recommend using this model!
- USB 4G Adapter - I am using a FreedomPop branded adapter which appears to be this: http://www.ubeeinteractive.com/products/mobility/ubee-4g-wimax-usb-pxu-1960. I purchased one from amazon here: http://www.amazon.com/Freedom-Stick-Bolt-Modem-Black/dp/B009FCGASA/ref=sr_1_3?s=wireless&ie=UTF8&qid=1377739418&sr=1-3&keywords=freedompop

There are undoubtedly cheaper ways to get internet connectivity, you could probably buy a MiFi device for cheaper than the total cost of this setup, but I have another project in mind that I plan on using the same Raspberry Pi for. 

Part 1 - Prepare the Raspberry Pi OS

Start with the official Rasbian distro.  Instructions and the download can be found here: http://www.raspberrypi.org/downloads

Run the raspi-config utility and configure your desired settings. 
* Set your password
* Expand Filesystem
* Disable boot to desktop
* Enable SSH
* Use the 16MB memory split if possible. I had some problems booting my revision 1 pi on the 16MB setting and had to go with 32MB.

Reboot and update assuming you are plugged into a network.
sudo apt-get update 
sudo apt-get upgrade 

Remove the Desktop environment for a little extra space on the SD card. The only reason for this is to allow a larger squid disk cache size.
apt-get remove --auto-remove --purge libx11-.*
apt-get auto-remove

Install the software we will be using.
apt-get install hostapd hostapd-utils dnsmasq squid3 adzapper

At this point the software components need to be configured.

Part 2 - Configure WiFi AP

Plug in your wifi adapter and make sure the system recognizes it by running ifconfig. It will probably be listed as wlan0.
Configure the interfaces at /etc/network/interfaces. The sample below includes dhcp setting for eth1, which will be the USB 4G adapter.

auto lo

iface lo inet loopback
iface eth0 inet dhcp

iface eth1 inet dhcp

iface wlan0 inet static
address 192.168.254.1
netmask 255.255.255.0

Configure hostapd. If using the rtl8192cu usb adapter then you will need a custom hostapd binary available here: http://blog.sip2serve.com/post/38010690418/raspberry-pi-access-point-using-rtl8192cu
Edit /etc/hostapd/hostapd.conf to something like the sample below. 

interface=wlan0
driver=rtl871xdrv
country_code=US
ssid=Mobile-Wifi
hw_mode=g
channel=1
wpa=2
wpa_passphrase=Your_Password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=2
macaddr_acl=0

Configure dnsmasq as a dhcp server. Create a new /etc/dnsmasq.conf file or add the following sample to the top of the existing one. This specifies the dhcp pool as 192.168.254.100-200 with a 12 hour lease.

domain-needed
interface=wlan0
domain=mobile-wifi.local
dhcp-range=192.168.254.100,192.168.254.200,255.255.255.0,12h

Now we need to make the pi act as a gateway and forward packets. This is just a matter of uncommenting a line in /etc/sysctl.conf. Add or uncomment:
net.ipv4.ip_forward=1


That should be all that's needed for a simple AP. Shut down the pi and plug in the USB 4G adapter. Start it back up and attempt to connect to the wifi. If connected, open an ssh connection to 192.168.254.1 and see if you can ping google.
That's all I have time for at the moment. I'll work on posting a quick howto for saving a little bandwidth using squid and adzapper. 

Raspberry Pi with Wifi and 4G USB adapter.

ntop via svn on Ubuntu Server 12.04

Install ntop svn on Ubuntu Server 12.04

Quick post on installing the most up to date development version of ntop on Ubuntu server. The version of ntop in the official repositories is 4.x, which will show as being out of date in the web gui.The development version will show as unstable.

1. Install prerequisites:

sudo apt-get install libpcap-dev libgdbm-dev zlib1g-dev librrd-dev python-dev libgeoip-dev subversion

2. Download software:

cd ~
svn co https://svn.ntop.org/svn/ntop/trunk/ntop/

3. Configure source:

cd ntop
./autogen.sh

4. Compile source:

make

5. Install:

sudo make install

6. Configure ntop. Without ldconfig you will get an error "ntop: error while loading shared libraries: libntopreport-5.0.2.so: cannot open shared object file: No such file or directory"

sudo ldconfig
sudo ntop --set-admin-password

7. Configure permissions:

sudo chown -R nobody:nogroup /usr/local/var/ntop/

8. Start ntop:

sudo ntop -d

9.  Access ntop:

http://localhost:3000

Done!!