This folder contains a couple of scripts that can be used with an OpenWrt router and turn it into as a find3 cli scanner.
All of this runs on two GLiInet b-1300 model routers running a custom snapshot build.
The setup consists of a monitor interface on which tcpdump will log probe requests, which will be submitted by a pythnon script to the find3 server backend.
First make sure you find a usb dongle that has monitor mode enabled on OpenWrt. For this I used an rtl8192cu chipset which can be found in those rtl8818cus dongles, which became very popular for use with a raspberry pi.
You can choose to run the scanner using airodump-ng or tcpdump.
Initially I wanted to use airodump but for some reason it always stopped the packet capture (probably a driver issue). This issue was caused
by the alternative ieee80211 rtl8xxx linux driver that did not seem to be very stable for my specific hardware.
The scripts can now also be installed using a prepackaged ipk added here in the release section.
To enable the dongle in OpenWrt, first install the wifi driver
-
In my case I installed the driver using
opkg install kmod-rtl8192cu. -
Next you need to tell OpenWrt userspace that you want to use this dongle in monitor mode by typing
wifi config. This will add the needed config section to the/etc/config/wirelessconfiguration file. Now open this file with your editor of choice. -
Enable the dongle by setting the
disabledflag to 0 for the newly created interface -
Change the
modeline tomode 'monitor'to enable monitor mode. Remove all lines related to authentication (key,ssid,encryption) -
Start the interface by
wifi up <radio2>. You should see the packet count increasing when typingifconfig -
Don't forget to replace the last value with the interface name that was added in the config file.
Over time I tried three different setups. The most stable (and recommended one) is the tcpdumpscan + ash scanner variant. This is also the version that is packaged and available for download under the release section.
If you are on a more constrained device, then using OpenWrt binaries + some shell scripts might be most appropriate. In my case WR703n router was not powerful enough to run the scripts in python3. Only dependencies here are libubox (preinstalled), tcpdump and curl
- Install curl + tcpdump using
opkg update && opkg install tcpdump curlon the device. - Copy the
find3_1_all.ipkfile in the (release)[https://github.com/jekkos/find3-openwrt-scanner/releases/tag/v1] section to the device using `scp find3_1_all.ipk root@:/tmp - Open an SSH session to the device and install using `opkg install /tmp/find3_1_all.ipk'
- Adapt the
URLandFAMILYvariables in/etc/config/tcpdumpscan. - Hit
/etc/init.d/tcpdumpscan restartto start scanning. - Finally type
/etc/init.d/tcpdumpscan enableto enable scanning on startup.
You need to setup tcpdump and the needed python packages so you can submit fingerprints to the find3 server. Currently I have not foreseen an .ipk for this version.
- Enter following commnad
opkg install tcpdump python3-codecs python3-light python3-email python3-openssl - Adapt the
URLandFAMILYvariables and Copy thetcpdumpscanprocd init script to/etc/init.dusing scp. - Copy the tcpdumpscan.py using scp to
/rootdirectory - type
/etc/init.d/tcpdumpscan startto start scanning - Finally type
/etc/init.d/tcpdumpscan enableto enable both on startup.
Log output can be monitored using logread in the router's SSH session.
This setup might give you more control on how the wifi driver behaves in monitor mode by using specific airodump-ng parameters. I stepped away from it as changing the wifi channels didn't seem to play nicely with the rtl8192cu (it often freezed the whole device).
- First install aircrack suite
opkg install aircrack-ng python3-codecs python3-light python3-email python3-openssl - Adapt the
URLandFAMILYvariables and Copy theairodumpandairodumpscanprocd init scripts to/etc/init.dusing scp. - Finally type
/etc/init.d/airodump enableand/etc/init.d/airodumpscan enableto enable both on startup.
If you want to include the tcpdumpscan scripts in your custom OpenWrt 18.06 build, you should do the following
- Open
feed.conf.defaultthe Openwrt repository folder and addsrc-git find3 https://github.com/jekkos/find3-openwrt-scanner.gitto the bottom of the file. - Then type
./scripts/feeds update find3 && ./scripts/feeds install - When this command is completed, you should see a new entry under the
Utilitiessection after startingmake menuconfig. Then choose to include in the base image or to build as a package only.
Not needed for find3 but nice as an addon to use with grafana and influxdb
opkg install collectd-mod-network collectd-mod-uptime collectd-mod-interface collectd-mod-memory collectd-mod-cpu collectd-mod-load collectd-mod-iwinfo
/etc/init.d/collectd enable
A cool dashboard can be found (here)[https://grafana.com/grafana/dashboards/3484]
Upgrading vanilla OpenWrt snapshots on a router is quite time intensive. After you install a new snapshot, you need to add the python and other packages again manually. Also this setup is using mesh functionality from wpad-mesh which is not in a default OpenWrt build. This meant that after every upgade the router lost internet connection. In this case it's easier to include all package upfront in the root filesystem. The config file in diffconfig version which can be easily used to build newer versions of OpenWrt with the same additional packages. The config contains all required python and collectd packages, as well as the rtl8192cu wifi kernel driver.
Just copy the b1300defconfig or wr703ndeconfig file to your OpenWrt root folder. Mind that the latter requires a 8Mb flash.
- In case you want to build for wr703n apply the patch first using
git apply wr703n-8Mb.patch - Type
cat b1300defconfig >> .configorcat wr703ndefconfig >> .configdepending on your router model - Next hit
make defconfigto create a full build config with this diff applied - Type
make V=jto build the image - scp
openwrt-ipq40xx-glinet_gl-b1300-squashfs-sysupgrade.binto/tmpon the router - Open a shell to the router and hit
sysupgrade /tmp/openwrt-ipq40xx-glinet_gl-b1300-squashfs-sysupgrade.bin