2012-04-07

Mallory MiTM Proxy as a Wireless Access Point (Part 1 of 2)

Mallory MiTM Proxy is great tool if you need to intercept and modify non HTTP connections. I generally use this tool while doing mobile assessments to get an idea of all the connections the device is performing in the background. It allows you to intercept most types of tcp and udp connections and has special translators for HTTP protocols. I still prefer using BurpSuite for HTTP protocols but since Mallory understands protocols  that BurpSuite does not it reamins a great tool to have on your side.

There are a ton of ways to setup and configure Mallory. The easiest is as a VPN but I feel the wireless access point is more robust and easier to get your devices proxing through it once you have it set up.

Create a Virtual Machine Wireless Access Point

I created a new Ubuntu Virtual Machine to act as my MiTM Wireless Access Point with VirtualBox as the host. I like the virtual machine approach because I can save the state and start anew with each new assessment and I can run it on my laptop which makes my mobile environment more portable. This requires a wireless card that is USB, runs in Ubuntu, and can be put into Monitor mode. The Alfa cards work great for this, they are high power (mine is 2000mW), and fairly inexpensive.







Once your Ubuntu is installed and have a wireless card that works you need to install hostapd. It's the software that will make your VM act like an access point. You also need to create one NAT'ed Network adaptor in the VirtualBox config. I could not get this to work correctly unless it was NAT'ed. The Alfa drivers come with its own custom version of hostap. If you are using the Alfa then proceed to the next section. If not you should be able to get away with just running sudo apt-get install hostapd.

Installing the Alfa Drivers (Skip this section if not using the Alfa )

If your using the wireless card mentioned above then you also need to install the drivers from the Alfa website. The divers can be downloaded here. Once downloaded and unziped you will need to build the driver.
> cd [ALFA ROOT]/driver
Unzip and untar the driver and cd into the created directory structure and run the following commands.
>make
>sudo make install


Your driver should be installed and to test reboot the machine and see if the Alfa can connect to the internet. In virtual box i had to create a USB filter so that the VM can see the device. This is pretty simple and the Alpha shows up in the list when you click Add USB in the USB Virtual Box config.


Install HostAp for Alfa

The downloaded drivers have a custom hostap that needs to be built to use this card. You need to 
> cd [ALFA ROOT] /wpa_supplicant_hostapd/
> unzip wpa_supplicant_hostapd-0.8_rtw_20110524.zip
> cd wpa_supplicant_hostapd-0.8
> cd hostap
> make
> sudo make install
cd [ALFA ROOT] /wpa_supplicant_hostapd/
> cp rtl_hostapd.conf ~/
> cd ~




Configure HostAp

Now your ready to start your AP. You can configure your access point inside rtl_hostapd.conf or /etc/hostap/hostapd.conf if your not using the Alfa Drivers. In this file ensure that the interface is correct, change the ssid, and change the password. Below is an example of the only things I needed to configure.


interface=wlan0
ctrl_interface=/var/run/hostapd
ssid=MALLORY_VM
wpa_passphrase=thisisatest
channel=6
wpa=2
bridge=br0


Run your access point by typing:
> sudo hostapd ./rtl_hostapd.conf


You should be able to see your wireless access point show up on your mobile devices. In Part 2 we will discuss the installation of Mallory and getting it to MiTM any device that connects to the wireless AP.









3 comments:

Andre Gironda said...

Very excellent and needed post. Thanks for doing this. I rarely ever see anyone write well regarding MITM proxying.

Andre Gironda said...

Good post. Looking forward to more!

All of your technology choices here are top-notch: Linux, Mallory, ALFA, hostap, et al. Love it!

Anonymous said...

I love reading mallory posts. I think i should really continue development on this thing.

Raj