Turn any Linux PC into an open Wi-Fi network that silently man-in-the-middles all plaintext HTTP traffic. It runs inside a Docker container, using hostapd, dnsmasq and mitmproxy to create an open honeypot wireless network named "Public". For added fun, change the network name to "xfinitywifi": devices that have previously joined one of those networks will auto-connect to yours, and they are everywhere.
```bash
# clone the repo
git clone https://github.com/brannondorsey/mitm-router
cd mitm-router

# build the image; this step can be omitted if you prefer to pull
# the image from the Docker Hub repository
docker build . -t brannondorsey/mitm-router
```
Run the following, replacing `AP_IFACE` and `INTERNET_IFACE` with your wireless device and your internet-connected Ethernet/wireless device respectively (they must be two different interfaces). You can see the names of your network devices by running `ifconfig` or `ip link`.
```bash
# run the container
docker run -it --net host --privileged \
  -e AP_IFACE="wlan0" \
  -e INTERNET_IFACE="eth0" \
  -e SSID="Public" \
  -v "$(pwd)/data:/root/data" \
  brannondorsey/mitm-router
```
If all went well, you should see something like this:
```text
Current MAC:   a5:ae:f9:a4:b7:e3 (TP-LINK TECHNOLOGIES CO.,LTD.)
Permanent MAC: a5:ae:f9:a4:b7:e3 (TP-LINK TECHNOLOGIES CO.,LTD.)
New MAC:       00:d2:6b:d5:fe:bd (PHOTRON USA)
[ ok ] Starting system message bus: dbus.
[ ok ] Starting DNS forwarder and DHCP server: dnsmasq.
[ ok ] Starting advanced IEEE 802.11 management: hostapd.
Proxy server listening at http://0.0.0.0:1337
```
mitm-router transparently captures all plaintext HTTP traffic that clients on the access point send through the router at 10.0.0.1 on port 80; the `Proxy server listening at http://0.0.0.0:1337` line above is mitmproxy receiving that diverted traffic. It does not intercept HTTPS traffic (port 443), because doing so would require presenting a certificate the client does not trust and would alert the user that a man-in-the-middle attack was taking place. Requests to URLs beginning with `https://` are therefore not captured, and a site that immediately redirects plain HTTP to HTTPS shows up only as its initial cleartext request.
The `mitm-router/data/` folder is bind-mounted into the container (the `-v "$(pwd)/data:/root/data"` argument above) so that the capture files it writes there are visible on the host. By default you will find the mitmdump capture file at `mitm-router/data/http-traffic.cap`.
You can also connect your `INTERNET_IFACE` to a hotspot running on your phone for mitm pwnage on the go 😉
Supported environment variables are listed below with their default values:

```bash
# wireless device name that will be used for the Access Point
AP_IFACE="wlan0"

# device name that is used for the router's internal internet connection;
# packets from AP_IFACE will be forwarded to this device
INTERNET_IFACE="eth0"

# wireless network name
SSID="Public"

# optional WPA2 password; if left empty the network will be open
PASSWORD=""

# optional randomization of the AP_IFACE MAC address;
# can be set to a specific value like "XX:XX:XX:XX:XX:XX"
# or "unchanged" to leave the device MAC alone
MAC="random"

# capture file location inside the container
CAPTURE_FILE="/root/data/http-traffic.cap"

# optional mitmproxy filter
# see http://docs.mitmproxy.org/en/stable/features/filters.html
FILTER=""
```
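As an added example (not code from the mitm-router project), the following wrapper checks the settings above before they reach `docker run`: that both interfaces exist and differ, that `AP_IFACE` is a wireless device (hostapd cannot run on an Ethernet port), that `PASSWORD` is either empty or a valid WPA2 passphrase length of 8 to 63 characters, and that `MAC` is one of the accepted forms. It also passes `SSID` and `FILTER` through as single arguments, so a filter expression containing spaces survives intact. The image name is the one used above; `SYSFS_NET`, `IMAGE`, `DRY_RUN`, `LAUNCH`, `DATA_DIR` and the helper function names are this script's own assumptions.

```shell
#!/bin/sh
# Launch wrapper for mitm-router that checks the settings before handing them
# to docker run. Added example, not part of the mitm-router project. It assumes
# the image name and environment variables documented above; SYSFS_NET and
# IMAGE are this script's own knobs (SYSFS_NET can point at a fake directory
# so the checks can be exercised without real hardware).

SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
IMAGE="${IMAGE:-brannondorsey/mitm-router}"

# iface_exists NAME -> 0 if the kernel exposes a network device of that name
iface_exists() {
    [ -d "$SYSFS_NET/$1" ]
}

# validate_ifaces AP INTERNET -> 0 when the pair is usable, else a reason on stderr and 1
validate_ifaces() {
    ap="$1"; inet="$2"
    if [ -z "$ap" ] || [ -z "$inet" ]; then
        echo "AP_IFACE and INTERNET_IFACE must both be set" >&2; return 1
    fi
    if [ "$ap" = "$inet" ]; then
        echo "AP_IFACE and INTERNET_IFACE must be different devices (both $ap)" >&2; return 1
    fi
    for i in "$ap" "$inet"; do
        iface_exists "$i" || { echo "no such interface: $i" >&2; return 1; }
    done
    # hostapd needs a wireless device; the kernel creates <iface>/wireless only for those
    if [ ! -d "$SYSFS_NET/$ap/wireless" ]; then
        echo "$ap is not a wireless interface, hostapd cannot use it" >&2; return 1
    fi
}

# validate_password PW -> 0 for an open network ("") or a WPA2 passphrase of 8-63 chars
validate_password() {
    n=${#1}
    [ "$n" -eq 0 ] || { [ "$n" -ge 8 ] && [ "$n" -le 63 ]; }
}

# validate_mac VALUE -> 0 for "random", "unchanged" or a colon-separated hex address
validate_mac() {
    case "$1" in
        random|unchanged) return 0 ;;
    esac
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# with_docker_argv SINK AP INTERNET SSID PASSWORD MAC FILTER DATA_DIR
# Hands the complete docker run argv to SINK as separate arguments, so an SSID
# or mitmproxy FILTER containing spaces is never re-split by the shell.
with_docker_argv() {
    sink="$1"; ap="$2"; inet="$3"; ssid="$4"; pw="$5"; mac="$6"; filter="$7"; data="$8"
    "$sink" docker run -it --net host --privileged \
        -e "AP_IFACE=$ap" -e "INTERNET_IFACE=$inet" -e "SSID=$ssid" \
        -e "PASSWORD=$pw" -e "MAC=$mac" -e "FILTER=$filter" \
        -v "$data:/root/data" "$IMAGE"
}
print_argv() { printf '%s\n' "$@"; }   # one argv element per line, for inspection
exec_argv()  { "$@"; }                 # actually run it

# run_router: read settings from the environment, validate, then run (or only print with DRY_RUN=1)
run_router() {
    data="${DATA_DIR:-$PWD/data}"
    validate_ifaces "${AP_IFACE:-}" "${INTERNET_IFACE:-}" || return 1
    validate_password "${PASSWORD:-}" || { echo "PASSWORD must be empty or 8-63 characters" >&2; return 1; }
    validate_mac "${MAC:-random}" || { echo "MAC must be random, unchanged or XX:XX:XX:XX:XX:XX" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        sink=print_argv
    else
        mkdir -p "$data"   # the capture file lands here on the host
        sink=exec_argv
    fi
    with_docker_argv "$sink" "$AP_IFACE" "$INTERNET_IFACE" "${SSID:-Public}" \
        "${PASSWORD:-}" "${MAC:-random}" "${FILTER:-}" "$data"
}

# Start the router only when explicitly asked, so the file can also be sourced:
#   LAUNCH=1 AP_IFACE=wlan0 INTERNET_IFACE=eth0 SSID=Public sh ./run-mitm-router.sh
if [ "${LAUNCH:-0}" = 1 ]; then
    run_router
fi
```

Run it with `DRY_RUN=1` first to see the exact `docker run` argv it would execute; a rejected setting prints its reason and nothing is started. The validation is deliberately done on the host rather than inside the container, because once hostapd fails inside a `--privileged --net host` container you are left with a half-configured interface and a DHCP server answering on it.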
The access point runs inside a Docker container for isolation, so that a vulnerability in hostapd, dnsmasq or mitmproxy is less likely to give a connected adversary access to your computer or home network. That isolation is weaker than it looks, though: the container is started with `--net host` and `--privileged`, so it shares the host's network stack and has unrestricted access to host devices, and a compromise of a process inside it is effectively a compromise of the host. A few caveats apply beyond that.
For added security, I prefer to run this docker container on a dedicated computer, like a Raspberry Pi.