Wi-Fi Mini Honeypot
OpenWrt and Tinyproxy
If your machine has enough resources, you can go one step further and use a proxy on your router. With this, you will be able to monitor, filter and modify HTTP traffic. Squid is an example of full-blown proxy solution. If you have a router that is capable of running it, go ahead. If you (like me) don't, you'll have to stick with a solution with fewer requirements. An example of such a solution is tinyproxy. To install tinyproxy in your OpenWrt, run:
opkg update opkg install tinyproxy luci-app-tinyproxy
Then, configure and run it with:
uci set tinyproxy.@tinyproxy.enable=1 uci commit /etc/init.d/tinyproxy enable /etc/init.d/tinyproxy restart
From now on, your tinyproxy should listen by default on port 8888 on
your localhost. You can check this with the
netstat command. Since you want
to accept connections not only from localhost, but also from LAN, you'll
have to change the configuration a little bit. Also, in our case, it's
better to run it in so-called stealth mode—that means no added headers
in HTTP. You can find the tinyproxy configuration in the /etc/config/tinyproxy
file. Listing 2 shows an example of such a configuration. Notice that
logfile is specified to be in the /storage directory, which is our
pendrive. Another important option is
list 'Allow'. These are the
IPs that are allowed to connect to the tinyproxy. You should specify
your LAN network or a part of it.
Listing 2. Tinyproxy Configuration with Domain Filtering, Stealth Mode and Custom Log Localization
config 'tinyproxy' option 'User' 'nobody' option 'Group' 'nogroup' option 'Port' '8888' option 'Listen' '192.168.1.1' option 'Timeout' '600' option 'DefaultErrorFile' '/usr/share/tinyproxy/default.html' option 'StatFile' '/usr/share/tinyproxy/stats.html' option 'Logfile' '/storage/tinyproxy.log' option 'LogLevel' 'Connect' option 'MaxClients' '100' option 'MinSpareServers' '5' option 'MaxSpareServers' '20' option 'StartServers' '10' option 'MaxRequestsPerChild' '0' list 'Allow' '192.168.1.0/24' list 'Allow' '127.0.0.1' option 'ViaProxyName' 'tinyproxy' option 'DisableViaHeader' '1' option 'FilterDefaultDeny' '1' option 'Filter' '/storage/filter' list 'ConnectPort' '443' list 'ConnectPort' '563' option 'enable' '1'
Tinyproxy also lets you filter requests by domain. You can specify a
blacklist or a whitelist of domains in the Filter file. In our configuration,
'/storage/filter' Also, here we notify tinyproxy to treat this
file as a whitelist (
FilterDefaultDeny 1), meaning that
for specified domains will be allowed. That way, you can forbid
attackers from accessing the Internet with their browsers or let them access
only specified domains. An example of a /storage/filter file could be:
That would let them visit only the Linux Journal Web site.
Marcin Teodorczyk is a GNU/Linux user with more than 12 years of experience. For the past four years, he's been using Arch Linux exclusively on his personal computers.
|Take Control of Your PC with UEFI Secure Boot||Nov 30, 2015|
|Geek Hide-away in Guatemala - Stay for Free!||Nov 26, 2015|
|Microsoft and Linux: True Romance or Toxic Love?||Nov 25, 2015|
|Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.||Nov 24, 2015|
|Cipher Security: How to harden TLS and SSH||Nov 23, 2015|
|Web Stores Held Hostage||Nov 19, 2015|
- Take Control of Your PC with UEFI Secure Boot
- Cipher Security: How to harden TLS and SSH
- Microsoft and Linux: True Romance or Toxic Love?
- Non-Linux FOSS: Install Windows? Yeah, Open Source Can Do That.
- Web Stores Held Hostage
- Firefox's New Feature for Tighter Security
- Geek Hide-away in Guatemala - Stay for Free!
- PuppetLabs Introduces Application Orchestration
- diff -u: What's New in Kernel Development
- IBM LinuxONE Provides New Options for Linux Deployment