Wi-Fi Mini Honeypot
OpenWrt and Tinyproxy
If your machine has enough resources, you can go one step further and use a proxy on your router. With this, you will be able to monitor, filter and modify HTTP traffic. Squid is an example of full-blown proxy solution. If you have a router that is capable of running it, go ahead. If you (like me) don't, you'll have to stick with a solution with fewer requirements. An example of such a solution is tinyproxy. To install tinyproxy in your OpenWrt, run:
opkg update opkg install tinyproxy luci-app-tinyproxy
Then, configure and run it with:
uci set tinyproxy.@tinyproxy.enable=1 uci commit /etc/init.d/tinyproxy enable /etc/init.d/tinyproxy restart
From now on, your tinyproxy should listen by default on port 8888 on
your localhost. You can check this with the
netstat command. Since you want
to accept connections not only from localhost, but also from LAN, you'll
have to change the configuration a little bit. Also, in our case, it's
better to run it in so-called stealth mode—that means no added headers
in HTTP. You can find the tinyproxy configuration in the /etc/config/tinyproxy
file. Listing 2 shows an example of such a configuration. Notice that
logfile is specified to be in the /storage directory, which is our
pendrive. Another important option is
list 'Allow'. These are the
IPs that are allowed to connect to the tinyproxy. You should specify
your LAN network or a part of it.
Listing 2. Tinyproxy Configuration with Domain Filtering, Stealth Mode and Custom Log Localization
config 'tinyproxy' option 'User' 'nobody' option 'Group' 'nogroup' option 'Port' '8888' option 'Listen' '192.168.1.1' option 'Timeout' '600' option 'DefaultErrorFile' '/usr/share/tinyproxy/default.html' option 'StatFile' '/usr/share/tinyproxy/stats.html' option 'Logfile' '/storage/tinyproxy.log' option 'LogLevel' 'Connect' option 'MaxClients' '100' option 'MinSpareServers' '5' option 'MaxSpareServers' '20' option 'StartServers' '10' option 'MaxRequestsPerChild' '0' list 'Allow' '192.168.1.0/24' list 'Allow' '127.0.0.1' option 'ViaProxyName' 'tinyproxy' option 'DisableViaHeader' '1' option 'FilterDefaultDeny' '1' option 'Filter' '/storage/filter' list 'ConnectPort' '443' list 'ConnectPort' '563' option 'enable' '1'
Tinyproxy also lets you filter requests by domain. You can specify a
blacklist or a whitelist of domains in the Filter file. In our configuration,
'/storage/filter' Also, here we notify tinyproxy to treat this
file as a whitelist (
FilterDefaultDeny 1), meaning that
for specified domains will be allowed. That way, you can forbid
attackers from accessing the Internet with their browsers or let them access
only specified domains. An example of a /storage/filter file could be:
That would let them visit only the Linux Journal Web site.
Marcin Teodorczyk is a GNU/Linux user with more than 12 years of experience. For the past four years, he's been using Arch Linux exclusively on his personal computers.