Setting up a Wireless access point and TOR to bypass Network Filters
- Category: Linux Articles
- Published on Wednesday, 19 February 2014 18:50
- Written by Administrator
The setup given below is for the case where one is connected to the Internet through a proxy server and intends to run a wireless access point so that other PCs, laptops and phones can transparently access the Internet. WhatsApp does not function through a proxy, so we need to offer a transparent data connection. TOR comes to our rescue here, as it offers a transparent data port. All that is required is that the traffic be routed to the TOR transparent data port, which is easily handled through iptables. For setting up the wireless access point we will use hostapd. We will use dnsmasq as the DHCP server and for resolving our DNS queries. In the course of this article I will also touch upon how to operate this whole setup such that the service provider is not alarmed.
I will use $ for the bash shell prompt and # to start a comment.
Imagine a scenario where the service provider is using MAC address binding and gets alarmed when they see a different computer name on their network.
1. To start with, change the hostname to the valid computer name of the service provider PC you are masquerading as, using the following command.
$ sudo nano /etc/hostname
Delete everything and enter the name of the service provider's PC. Save and exit, i.e. Ctrl+O and then Ctrl+X.
2. Thereafter install the following software in one go: tor, hostapd, openssh and dnsmasq. As we are behind a proxy, we first need to set the proxy server for the bash shell by giving the following command. export is a shell builtin, so it is run without sudo.
$ export http_proxy="https://username:password@IP_address_of_proxy_server:Proxy_port/"
In case the password contains @, replace @ with %40.
Now give the installation command. The -E option makes sudo pass the proxy variable on to apt-get.
$ sudo -E apt-get install tor hostapd openssh-server dnsmasq
3. Now check your current run level using the command runlevel. It should be 2.
Change the conf file entry in the hostapd script in /etc/rc2.d/ (its path will be something like /etc/rc2.d/SXXhostapd, where XX indicates a number)
to /etc/hostapd/hostapd.conf, as under:
DAEMON_CONF=/etc/hostapd/hostapd.conf
4. Now edit the /etc/hostapd/hostapd.conf file using nano and check the line
interface=wlan0
The above line may need to be changed depending upon what Linux calls your wireless interface.
#################################### /etc/hostapd/hostapd.conf############################
# First we configure the interface we'll be listening on
interface=wlan0
# The interface to listen on
driver=nl80211
# Now onto the important WiFi configuration
ssid=SSG
# First up, the SSID or Network name. This is what other devices will see when they try to connect.
hw_mode=g
# I'm setting this to Wireless G mode. A, B, and G are available here.
channel=8
# This is setting the channel that the WiFi is on, valid channels are from 1-11, or 1-14 depending on location.
# Wifi Security Settings
wpa=2
# Set a passphrase like the line below.
wpa_passphrase=my_secret
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
# Other settings
beacon_int=100
# This sets how often the WiFi will send a beacon out.
auth_algs=3
wmm_enabled=1
# Send empty SSID in beacons and ignore probe request frames that do not
# specify full SSID, i.e., require stations to know SSID.
# default: disabled (0)
# 1 = send empty (length=0) SSID in beacon and ignore probe request for
# broadcast SSID
# 2 = clear SSID (ASCII 0), but keep the original length (this may be required
# with some clients that do not support empty SSID) and ignore probe
# requests for broadcast SSID
ignore_broadcast_ssid=1
# This way you can make your network hidden, and then it will show up as "other network" on Windows PCs
##########################################################################################
5. Now restart the hostapd service and verify that the SSID given in hostapd.conf appears on your PC/cellphone, in case you have not made it hidden. For wifi scanning I would recommend installing the app 'Wifi Analyzer' on your Android phone.
$ sudo service hostapd restart
6. Now we will set up a DHCP and DNS server using dnsmasq.conf
$ sudo nano /etc/dnsmasq.conf
Find the line
dhcp-host=AB:CD:EF:FF:11:22,net:known
and add a similar entry for your device's MAC.
Change the following interface names as per your PC:
interface=wlan0
except-interface=eth0
The above two lines may need to be changed depending upon what Linux calls your ethernet and wireless interfaces.
#################################### /etc/dnsmasq.conf###################################
# Configuration file for dnsmasq.
interface=wlan0
except-interface=eth0
listen-address=192.168.4.1
listen-address=127.0.0.1
domain=robinhood.co.ss
dhcp-range=192.168.4.50,192.168.4.150,255.255.255.0,12h
dhcp-host=AB:CD:EF:FF:11:22,net:known
dhcp-ignore=tag:!known
##########################################################################################
7. Now we have a fully functional wireless access point with a DHCP server. Connect to it using your cell phone and check it out.
8. We will now route the traffic coming from the wireless access point to the transparent port of TOR. For the iptables rules to be loaded when the PC reboots, add the following to rc.local by editing it using the following command
$ sudo nano /etc/rc.local
#################################### /etc/rc.local###################################
iptables -F
iptables -t nat -F
iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 1:21 --syn -j REDIRECT --to-ports 9040
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 23:5900 --syn -j REDIRECT --to-ports 9040
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 5902:65535 --syn -j REDIRECT --to-ports 9040
echo nameserver 127.0.0.1 > /etc/resolv.conf
exit 0
##########################################################################################
Change wlan0 in the above, if required, to the name of your interface running hostapd.
9. Now that the traffic is routed to the TOR transparent port, let's set up TOR. For this, edit the TOR config file torrc.
$ sudo nano /etc/tor/torrc
Change the following lines as required.
HTTPSProxy IPaddress_of_Proxy_Server:Proxy_Port
HTTPSProxyAuthenticator username:password
StrictNodes 1
ExitNodes {us}
These last two lines can be commented out if you don't want to go through the US, or you could put 'in' to route traffic from India.
#################################### /etc/tor/torrc######################################
SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
TransListenAddress 192.168.4.1
TransPort 9040
DNSPort 9053
DNSListenAddress 192.168.4.1
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
Log notice file /var/log/tor/notices.log
HTTPSProxy 10.155.12.16:8080
HTTPSProxyAuthenticator username:password
StrictNodes 1
ExitNodes {in}
##########################################################################################
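
The redirect rules from step 8 only work if their --to-ports values match the TransPort and DNSPort set in torrc, and the three TCP ranges leave some destination ports out. The following check is an added example, not part of the original article; the embedded rule and torrc lines are constructed copies of the listings above, and all function names are hypothetical.

```python
import re

# Constructed copies of the rc.local rules (step 8) and the torrc ports (step 9).
RULES = """\
iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 1:21 --syn -j REDIRECT --to-ports 9040
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 23:5900 --syn -j REDIRECT --to-ports 9040
iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 5902:65535 --syn -j REDIRECT --to-ports 9040
"""
TORRC = """\
TransPort 9040
DNSPort 9053
"""
RULE_RE = re.compile(
    r"-p (tcp|udp) --dport (\d+)(?::(\d+))?.*-j REDIRECT --to-ports (\d+)")

def parse_rules(text):
    """Return (proto, first_port, last_port, target_port) per REDIRECT rule."""
    out = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            lo = int(m.group(2))
            out.append((m.group(1), lo, int(m.group(3) or lo), int(m.group(4))))
    return out

def torrc_ports(text):
    """Read TransPort and DNSPort from torrc text."""
    opts = dict(l.split()[:2] for l in text.splitlines() if len(l.split()) >= 2)
    return int(opts["TransPort"]), int(opts["DNSPort"])

def unredirected_tcp(rules, trans_port):
    """TCP destination port ranges (1-65535) that no rule sends to TransPort."""
    gaps, nxt = [], 1
    for lo, hi in sorted((r[1], r[2]) for r in rules
                         if r[0] == "tcp" and r[3] == trans_port):
        if lo > nxt:
            gaps.append((nxt, lo - 1))
        nxt = max(nxt, hi + 1)
    if nxt <= 65535:
        gaps.append((nxt, 65535))
    return gaps

def audit(rules_text, torrc_text):
    """Compare the redirect rules against torrc and list uncovered TCP ports."""
    rules, (trans, dns) = parse_rules(rules_text), torrc_ports(torrc_text)
    bad = [r for r in rules if r[3] != (trans if r[0] == "tcp" else dns)]
    return {"mismatched": bad, "dns_redirected": ("udp", 53, 53, dns) in rules,
            "tcp_gaps": unredirected_tcp(rules, trans)}

if __name__ == "__main__":
    print(audit(RULES, TORRC))
```

With the rules as given, destination ports 22 and 5901 fall outside the three TCP ranges, so connections to them are not handed to TOR's TransPort, and the only UDP rule is the one for port 53.
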
10. Now to handle the MAC binding in the data switches. Edit the interfaces file and change the MAC address to the MAC address of your service provider.
$ sudo nano /etc/network/interfaces
#################################### /etc/network/interfaces######################################
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
hwaddress ether 00:1A:6B:51:08:03
auto wlan0
iface wlan0 inet static
address 192.168.4.1
netmask 255.255.255.0
##########################################################################################
11. Give the following commands
$ sudo service tor restart
$ sudo service dnsmasq restart
$ sudo service hostapd restart
12. Now check whether TOR has loaded to 100% by giving the command
$ tail -f /var/log/tor/notices.log
13. I guess that's it! And now, voila, your WhatsApp etc. should all work even if they were blocked by the service provider, as most service providers block based on the URL, and we are not offering the service provider's filters a URL that they can block.