
Setting up a Wireless access point and TOR to bypass Network Filters

The setup described below is for a machine that reaches the Internet through a proxy server and runs a wireless access point so that other PCs, laptops and phones can access the Internet transparently. WhatsApp does not function through a proxy, so we need to offer a transparent data connection. TOR comes to our rescue here, as it offers a transparent data port. All that is required is that the traffic be routed to the TOR transparent port, which is easily handled through iptables. For setting up the wireless access point we will use hostapd. We will use dnsmasq as the DHCP server and for resolving DNS queries. In the course of this article I will also touch upon how to operate this whole setup such that the service provider is not alarmed.

I would be using $ for bash shell prompt and # to start a comment.

Imagine a scenario where the service provider is using MAC address binding and gets alarmed when they see a different computer name on their network.

 

1. To start with, change the hostname to the valid computer name, known to the service provider, of the PC you are masquerading as, using the following command.

$ sudo nano /etc/hostname

Delete everything and enter the name of the service provider's PC. Save and exit, i.e. Ctrl+O and then Ctrl+X.

2. Thereafter install the following software in one go: tor, hostapd, openssh and dnsmasq. As we are behind a proxy, we first need to set the proxy server for the bash shell by giving the following command (export is a shell builtin, so it is run without sudo).

$ export http_proxy="https://username:password@IP_address_of_proxy_server:Proxy_port/"

In case the password contains @, replace @ with %40.

Now give the installation command; the -E option makes sudo pass the proxy variable on to apt-get.

$ sudo -E apt-get install tor hostapd openssh-server dnsmasq

 

3. Now check your current runlevel using the command runlevel. It should be 2.

In the hostapd init script in /etc/rc2.d/, which will have a path like /etc/rc2.d/SXXhostapd, where XX indicates a number, change the conf file entry to /etc/hostapd/hostapd.conf as under:

DAEMON_CONF=/etc/hostapd/hostapd.conf

4. Now edit the /etc/hostapd/hostapd.conf file using nano and check the line

interface=wlan0

The above line may need to be changed depending upon what Linux calls your wireless interface.

 

#################################### /etc/hostapd/hostapd.conf############################

# First we configure the interface we'll be listening on

interface=wlan0

# The interface to listen on

driver=nl80211

 

# Now onto the important WiFi configuration

ssid=SSG

# First up, the SSID or Network name. This is what other devices will see when they try to connect.

hw_mode=g

# I'm setting this to Wireless G mode. A, B, and G are available here.

channel=8

# This is setting the channel that the WiFi is on, valid channels are from 1-11, or 1-14 depending on location.

# Wifi Security Settings

wpa=2

# Set a passphrase like the line below.

wpa_passphrase=my_secret

wpa_key_mgmt=WPA-PSK

wpa_pairwise=CCMP

rsn_pairwise=CCMP

 

# Other settings

beacon_int=100

# This sets how often the WiFi will send a beacon out.

auth_algs=3

wmm_enabled=1

 

# Send empty SSID in beacons and ignore probe request frames that do not

# specify full SSID, i.e., require stations to know SSID.

# default: disabled (0)

# 1 = send empty (length=0) SSID in beacon and ignore probe request for

#     broadcast SSID

# 2 = clear SSID (ASCII 0), but keep the original length (this may be required

#     with some clients that do not support empty SSID) and ignore probe

#     requests for broadcast SSID

ignore_broadcast_ssid=1

# This way you can make your network hidden, and then it will show up as other network on Windows PCs

##########################################################################################

 

5. Now restart the hostapd service and verify that the SSID given in hostapd.conf appears on your PC/cellphone, in case you have not made it hidden. For WiFi scanning I would recommend installing the app 'Wifi Analyzer' on your Android phone.

$ sudo service hostapd restart

6. Now we set up a DHCP and DNS server using dnsmasq.conf.

$ sudo nano /etc/dnsmasq.conf

Find the line

dhcp-host=AB:CD:EF:FF:11:22,net:known

and add a similar entry for your device's MAC.

Change the following interface names as per your PC:

interface=wlan0

except-interface=eth0

The above two lines may require change depending upon what Linux calls your ethernet and wireless interfaces.

#################################### /etc/dnsmasq.conf###################################

# Configuration file for dnsmasq.

interface=wlan0

except-interface=eth0

listen-address=192.168.4.1

listen-address=127.0.0.1

domain=robinhood.co.ss

dhcp-range=192.168.4.50,192.168.4.150,255.255.255.0,12h

dhcp-host=AB:CD:EF:FF:11:22,net:known

dhcp-ignore=tag:!known

##########################################################################################

 

7. Now we have a fully functional wireless access point with a DHCP server. Connect to it using your cell phone and check it out.

 

8. We now route the traffic coming from the wireless access point to the transparent port of TOR. For the iptables rules to be loaded when the PC reboots, add the following to rc.local by editing it using the following command:

$ sudo nano /etc/rc.local

#################################### /etc/rc.local###################################

iptables -F

iptables -t nat -F

iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 1:21 --syn -j REDIRECT --to-ports 9040

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 23:5900 --syn -j REDIRECT --to-ports 9040

iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 5902:65535 --syn -j REDIRECT --to-ports 9040

echo nameserver 127.0.0.1 > /etc/resolv.conf

exit 0

 

##########################################################################################

Change wlan0 in the above, if required, to the name of your interface running hostapd.

 

9. Now that the traffic is routed to the TOR transparent port, let's set up TOR. For this, edit the TOR config file torrc.

$ sudo nano /etc/tor/torrc

Change the following lines as required.

HTTPSProxy IPaddress_of_Proxy_Server:Proxy_Port

HTTPSProxyAuthenticator username:password

StrictNodes 1

ExitNodes {us}

These last two lines can be commented out if you don't want to go through the US, or you could put 'in' to route traffic from India.

 

#################################### /etc/tor/torrc######################################

SocksPort 9050 # Default: Bind to localhost:9050 for local connections.

TransListenAddress 192.168.4.1

TransPort 9040

DNSPort 9053

DNSListenAddress 192.168.4.1

VirtualAddrNetwork 10.192.0.0/10

AutomapHostsSuffixes .onion,.exit

AutomapHostsOnResolve 1

Log notice file /var/log/tor/notices.log

HTTPSProxy 10.155.12.16:8080

HTTPSProxyAuthenticator jlocham:Malakal@123

StrictNodes 1

ExitNodes {in}

##########################################################################################

10. Now to handle the MAC binding in the data switches. Edit the interfaces file and change the MAC address to the MAC address of your service provider.

$ sudo nano /etc/network/interfaces

#################################### /etc/network/interfaces######################################

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet dhcp

hwaddress ether 00:1A:6B:51:08:03

auto wlan0

iface wlan0 inet static

address 192.168.4.1

netmask 255.255.255.0

##########################################################################################

11. Give the following commands:

$ sudo service tor restart

$ sudo service dnsmasq restart

$ sudo service hostapd restart

12. Now check whether TOR has loaded to 100% by giving the command

$ tail -f /var/log/tor/notices.log

13. I guess that's it! Voila, your WhatsApp etc. should all work even if they were blocked by the service provider, as most service providers block based on the URL, and we are not offering the service provider's filters any URL that they can block.
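Seen from the proxy operator's side, the last point has a flip side: with HTTPSProxy set, TOR reaches its relays through HTTP CONNECT requests to bare IP addresses, and that pattern is visible in the proxy's access log even though no URL is. The following is an added example, not part of the original article, that flags such clients; the Squid-style log lines are constructed, and the function names and the threshold of three distinct destinations are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (not real traffic):
# time elapsed_ms client action/status bytes method target user hierarchy type
SAMPLE_LOG = """\
1416470001.101 182034 10.0.0.21 TCP_TUNNEL/200 48211 CONNECT 192.0.2.10:9001 - HIER_DIRECT/192.0.2.10 -
1416470002.440 175210 10.0.0.21 TCP_TUNNEL/200 51877 CONNECT 198.51.100.7:443 - HIER_DIRECT/198.51.100.7 -
1416470003.912 190455 10.0.0.21 TCP_TUNNEL/200 60933 CONNECT 203.0.113.99:9001 - HIER_DIRECT/203.0.113.99 -
1416470004.020 1530 10.0.0.35 TCP_TUNNEL/200 7410 CONNECT mail.example.com:443 - HIER_DIRECT/192.0.2.80 -
1416470005.377 95 10.0.0.35 TCP_MISS/200 1830 GET http://www.example.org/ - HIER_DIRECT/192.0.2.81 text/html
1416470006.800 2210 10.0.0.35 TCP_TUNNEL/200 9120 CONNECT 192.0.2.44:443 - HIER_DIRECT/192.0.2.44 -
"""

def connect_target(line):
    """Return (client, host, port) for a CONNECT entry, else None."""
    f = line.split()
    if len(f) < 7 or f[5] != "CONNECT":
        return None
    host, _, port = f[6].rpartition(":")
    return f[2], host.strip("[]"), port   # strip brackets of IPv6 literals

def is_ip_literal(host):
    """True when the CONNECT target is an IP address rather than a hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def flag_clients(log_text, min_distinct_ips=3):
    """Clients that tunnelled to >= min_distinct_ips distinct bare-IP targets."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = connect_target(line)
        if parsed and is_ip_literal(parsed[1]):
            client, host, port = parsed
            seen[client].add((host, port))
    return {c: sorted(t) for c, t in seen.items() if len(t) >= min_distinct_ips}

if __name__ == "__main__":
    for client, targets in flag_clients(SAMPLE_LOG).items():
        print(client, "->", targets)
```

A single CONNECT to an IP literal is common for ordinary software, which is why the check counts distinct destinations per client instead of alerting on each entry.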

 

 

 
