The following steps will help you configure a GL-iNet router running OpenWRT, a Linux distribution for embedded devices, so that you can do real-time WiFi Probe Request capture. By using several of these GL-iNet devices you can easily create a perimeter for WiFi tracking.
mkdir /mnt/sda1/packages
echo dest usb /mnt/sda1/packages/ >> /etc/opkg.conf
On the GL.iNet it is hard to override the mount points of the filesystem because the router is configured to be as hotpluggable as possible, so the setup runs a lot of scripts dynamically and doesn't rely on an fstab file. One way of overriding the default mounts is by using /etc/rc.local, which is executed after all the rc.d scripts.
vi /etc/config/system
Edit the line that reads option hostname 'GL-iNet', replacing GL-iNet with the hostname of your choice.
(read https://forum.openwrt.org/viewtopic.php?id=52219)
Your /etc/opkg.conf file should look like this:
src/gz barrier_breaker_base http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base
src/gz barrier_breaker_telephony http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/telephony
src/gz barrier_breaker_packages http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages
src/gz barrier_breaker_routing http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/routing
src/gz barrier_breaker_luci http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/luci
src/gz barrier_breaker_management http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/management
src/gz barrier_breaker_oldpackages http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
dest usb /mnt/sda1/packages/
Update your package list:
opkg update
Install python:
opkg install python
List installed packages:
opkg list-installed
See where python is installed:
opkg files python
Because this setup involves so many steps, it would be great to do the process only once, keep all the configuration on a USB stick, and then create images for multiple devices, changing only the IP configuration as needed. To achieve that, the OpenWRT filesystem has to be mounted entirely from the USB device. The following steps will help in setting up external storage:
See extroot.
Save the GL-iNet's automount script, because it prevents us from installing the block-mount package (see original):
cp /etc/hotplug.d/block/10-mount /etc/hotplug.d/block/10-mount.old
Install the block-mount package. We have to indicate that we want to overwrite clashing files, otherwise it will not install:
opkg update
opkg install block-mount --force-overwrite
This is how the overlay mount point is determined; it is called as a preinit script:
less /lib/functions.sh
mkdir /mnt/sda1/packages/
echo dest usb /mnt/sda1/packages/ >> /etc/opkg.conf
opkg --dest usb install python
ln -s /mnt/sda1/packages/usr/bin/python /usr/bin/python
opkg --dest usb install distribute
ln -s /mnt/sda1/packages/usr/bin/easy_install /usr/bin/easy_install
opkg --dest usb install python-openssl
easy_install pip
opkg --dest usb install tcpdump
easy_install scapy
tcpdump -i wlan0
netstat -an # will list all services and all port numbers being listened on (netstat -tulpn)
iptables --list -vn # will list all currently active firewall rules
The GL-iNet comes with very little memory, so our python scripts will quickly run out of memory unless we provide some swap space.
mkswap /dev/sda2
Then activate the swap space:
swapon /dev/sda2
Now run free again to make sure the space was allocated:
# free
             total         used         free       shared      buffers
Mem:         29212        19160        10052            0         1972
-/+ buffers:              17188        12024
Swap:       475644            0       475644
This is great, but it won’t stay active if we reboot the system, so we need to let the system know that it should activate swap every time it starts up. You may have noticed a swap section in our fstab file from earlier. In my experience, this doesn’t always activate properly, so I have chosen to ignore it and create a separate startup script to turn on the swap space. This has the added benefit of introducing us to startup scripts, in case we want to create one later to ensure our scanning script restarts when the system resets.
We will start by creating the startup script:
vi /etc/init.d/swapon
Enter the following into the file, then save it:
#!/bin/ash /etc/rc.common
START=109
STOP=151

start() {
    echo "start swap"
    swapon /dev/sda2
}

stop() {
    echo "stop swap"
}
Make the script executable:
chmod +x /etc/init.d/swapon
Now we need to make a symlink from /etc/rc.d to our script to make the system run it on startup:
ln -s /etc/init.d/swapon /etc/rc.d/S109swapon
# /etc/init.d/firewall stop
# /etc/init.d/firewall disable
# /etc/init.d/dnsmasq stop
# /etc/init.d/dnsmasq disable
Configure a fixed IP on the lan interface:
# vim /etc/config/network
config interface 'lan'
    option ifname 'eth1'
    option type 'bridge'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
http://edwardkeeble.com/2014/02/passive-wifi-tracking/
# vi /etc/config/wireless
config wifi-iface
    option device 'radio0'
    option network 'lan'
    #option mode 'ap' # change for the line below
    option mode 'monitor'
    option encryption 'psk-mixed'
    option wds '1'
    option uapsd '1'
    option ssid 'GL-iNet-05e'
    option disabled '0'
Another way of doing the above without permanently changing the config of the AP is:
ifconfig wlan0 down
iw dev wlan0 set monitor none
ifconfig wlan0 up
tcpdump -i wlan0 -s65535
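What the monitor-mode capture above contains, shown as an added example that is not part of the original page: a standard-library Python 3 parser, meant for an analysis workstation, that reads the transmitter MAC and requested SSID from one radiotap-framed probe request and flags locally administered (typically randomized) addresses. The function names and the sample frames are constructed for illustration.

```python
import struct

PROBE_REQUEST = 0x40  # frame control byte 0: type 0 (management), subtype 4

def parse_probe_request(packet):
    """Parse one radiotap-framed 802.11 frame; return a dict for probe requests, else None."""
    if len(packet) < 8:
        return None
    # Radiotap header: version (1), pad (1), total header length (2, little-endian)
    version, _pad, rt_len = struct.unpack_from("<BBH", packet, 0)
    if version != 0 or rt_len < 8 or len(packet) < rt_len + 24:
        return None
    frame = packet[rt_len:]
    if frame[0] != PROBE_REQUEST:
        return None
    src = frame[10:16]  # address 2: the transmitting station
    ssid, pos = None, 24  # tagged parameters start after the 24-byte header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element (or trailing FCS bytes)
        if tag == 0:  # SSID element; zero length means a wildcard probe
            ssid = value.decode("utf-8", errors="replace")
            break
        pos += 2 + length
    return {
        "mac": ":".join("%02x" % b for b in src),
        "ssid": ssid,
        # Bit 0x02 of the first octet set: the address is not the burned-in
        # one, which is how randomized MAC addresses show up.
        "locally_administered": bool(src[0] & 0x02),
    }

def build_sample(mac, ssid, fc0=PROBE_REQUEST):
    """Construct a test frame (sample data, not a real capture)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    bcast = b"\xff" * 6
    src = bytes.fromhex(mac.replace(":", ""))
    header = bytes([fc0, 0, 0, 0]) + bcast + src + bcast + b"\x00\x00"
    tags = bytes([0, len(ssid)]) + ssid + bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])
    return radiotap + header + tags

if __name__ == "__main__":
    for mac, ssid in (("da:a1:19:00:00:01", b"HomeNet"), ("00:11:22:33:44:55", b"")):
        print(parse_probe_request(build_sample(mac, ssid)))
```

A directed probe exposes a network name the device has joined before, while a wildcard probe carries an empty SSID; a client that randomizes its address appears with the locally administered bit set.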
One way to find out is to sniff the DHCP request that is broadcast when the router boots up.
tcpdump -i eth0 -s 0 -f 'broadcast and multicast'
To log into the router without being asked for a username and password, you can generate and install an SSH key, like this:
scp ~/.ssh/YOUR_KEY.pub [email protected]:/tmp
cat /tmp/YOUR_KEY.pub >> /etc/dropbear/authorized_keys