Interceptor – Wireless Wired Network Tap (Fon+)


The Interceptor is a wireless wired network tap. Basically, a network tap is a way to listen in to network traffic as it flows past. Most tools are designed to pass a copy of the traffic onto a specified wired interface, which is then plugged into a machine to allow a user to monitor the traffic. The problem with this is that you have to be able to route the data from that wired port to your monitoring machine, either through a direct cable or through an existing network. The direct cable method means your monitor has to be near the location you want to tap; the network routing method means you have to somehow encapsulate the data to get it across the network without it being affected en route.

The Interceptor does away with the wired monitor port and instead spits out the traffic over wireless, meaning the listener can be anywhere they can make a wireless connection to the device. As the data is encrypted (actually, double encrypted, see how it works), the person placing the tap doesn’t have to worry about unauthorized users seeing the traffic.

Requirements

This project has been built and tested on a Fon+ but should, in theory, work on any device which will run OpenWrt and has at least a pair of wired interfaces and a wireless one.

This isn’t intended to be a permanent, in-situ device. It is designed for short-term troubleshooting or information gathering on low-usage networks; as such, it will work well between a printer and a switch but not between a switch and a router. Here are some possible situations for use:

  • Penetration testing – If you can gain physical access to a target’s office, drop the device between the office printer and switch, then sit in the car park and collect a copy of all documents printed. Or, get an appointment to see a boss and, when he leaves the room to get you a drink, drop it on his computer. The relatively low cost of the Fon+ means the device can almost be considered disposable, and if branded with the right stickers most users wouldn’t think about an extra small box on the network.
  • Troubleshooting – For sys-admins who want to monitor an area of network from the comfort of their desks, just put it in place and fire up your wireless.
  • IDS – If you want to see what traffic is being generated from a PC without interfering with the PC, simply add the Interceptor and sit back and watch. As the traffic is cloned to a virtual interface on your monitoring machine, you can use any existing tools to scan the data.

You can download Interceptor here:

interceptor_1.0.tar.bz2

Or read more here.




2 Responses to Interceptor – Wireless Wired Network Tap (Fon+)

  1. peter April 20, 2009 at 8:42 pm #

    Guys, could I ask one thing? I have read the blog about the Interceptor and I would like to ask any of the people that have been using the program if they have compared it to whiteshark, as I know whiteshark has the capability to intercept packets but I ain't too sure on whether the data that it collects would come out like Interceptor. If anyone has compared the two, could you let me know, because I know that the packets that whiteshark collects are not fully interceptable readable data packets; it takes a small amount of knowledge of how to define the packets that you have and collect a relativity of data to read them. But with Interceptor, does the program give you the data as it sees from, say, a printer, like the document as it is, or do you have to decode it to make it readable? Handy program if it could, would save me a lot of time, but I do say I ask this question as a novice ……shadowdevelopment

  2. Bogwitch April 23, 2009 at 5:09 pm #

    Peter,

    The Interceptor code is used to run on a Fon+ device connected to the target network. You would need to use a second device to collect the log information, probably a PC using Wireshark.

    If you are having a hard time interpreting the output of Wireshark, I would suggest (and I’m trying not to be patronising here) that you need to learn more; you did say you were a novice! The output from Wireshark is among the easiest to follow, filter and process. When I was learning about packet capture and analysis, in pre-Wireshark days, I started by generating known traffic: ftp, telnet, smtp, pop etc.

    HTH