Wi-Fi Mini Honeypot
OpenWrt and Tinyproxy
If your machine has enough resources, you can go one step further and use a proxy on your router. With this, you will be able to monitor, filter and modify HTTP traffic. Squid is an example of full-blown proxy solution. If you have a router that is capable of running it, go ahead. If you (like me) don't, you'll have to stick with a solution with fewer requirements. An example of such a solution is tinyproxy. To install tinyproxy in your OpenWrt, run:
opkg update opkg install tinyproxy luci-app-tinyproxy
Then, configure and run it with:
uci set tinyproxy.@tinyproxy.enable=1 uci commit /etc/init.d/tinyproxy enable /etc/init.d/tinyproxy restart
From now on, your tinyproxy should listen by default on port 8888 on
your localhost. You can check this with the
netstat command. Since you want
to accept connections not only from localhost, but also from LAN, you'll
have to change the configuration a little bit. Also, in our case, it's
better to run it in so-called stealth mode—that means no added headers
in HTTP. You can find the tinyproxy configuration in the /etc/config/tinyproxy
file. Listing 2 shows an example of such a configuration. Notice that
logfile is specified to be in the /storage directory, which is our
pendrive. Another important option is
list 'Allow'. These are the
IPs that are allowed to connect to the tinyproxy. You should specify
your LAN network or a part of it.
Listing 2. Tinyproxy Configuration with Domain Filtering, Stealth Mode and Custom Log Localization
config 'tinyproxy' option 'User' 'nobody' option 'Group' 'nogroup' option 'Port' '8888' option 'Listen' '192.168.1.1' option 'Timeout' '600' option 'DefaultErrorFile' '/usr/share/tinyproxy/default.html' option 'StatFile' '/usr/share/tinyproxy/stats.html' option 'Logfile' '/storage/tinyproxy.log' option 'LogLevel' 'Connect' option 'MaxClients' '100' option 'MinSpareServers' '5' option 'MaxSpareServers' '20' option 'StartServers' '10' option 'MaxRequestsPerChild' '0' list 'Allow' '192.168.1.0/24' list 'Allow' '127.0.0.1' option 'ViaProxyName' 'tinyproxy' option 'DisableViaHeader' '1' option 'FilterDefaultDeny' '1' option 'Filter' '/storage/filter' list 'ConnectPort' '443' list 'ConnectPort' '563' option 'enable' '1'
Tinyproxy also lets you filter requests by domain. You can specify a
blacklist or a whitelist of domains in the Filter file. In our configuration,
'/storage/filter' Also, here we notify tinyproxy to treat this
file as a whitelist (
FilterDefaultDeny 1), meaning that
for specified domains will be allowed. That way, you can forbid
attackers from accessing the Internet with their browsers or let them access
only specified domains. An example of a /storage/filter file could be:
That would let them visit only the Linux Journal Web site.
Marcin Teodorczyk is a GNU/Linux user with more than 12 years of experience. For the past four years, he's been using Arch Linux exclusively on his personal computers.
- Readers' Choice Awards 2013
- Mars Needs Women
- Linux Kernel News - November 2013
- Sublime Text: One Editor to Rule Them All?
- RSS Feeds
- Raspberry Pi: the Perfect Home Server
- December 2013 Issue of Linux Journal: Readers' Choice
- IBM Will Minimize Impact of Future Disasters
- Tech Tip: Really Simple HTTP Server with Python
- Linux Systems Administrator
1 hour 34 min ago
- This should be very helpful
2 hours 48 min ago
- As much as I share your point
5 hours 8 min ago
- So girls had it better ?
8 hours 40 min ago
- Reply to comment | Linux Journal
9 hours 8 sec ago
- why is GNOME 3 in the fifth position at 14.1 %?
14 hours 32 min ago
- Sublime Is Brilliant!
19 hours 35 min ago
19 hours 54 min ago
- Rapid[Disk,Cache] better than native ram caching?
20 hours 19 min ago
- Nothing is perfect
20 hours 32 min ago