How to create a wifi to ethernet adapter via python? - python

I'm trying to turn a WIFI to ethernet bridge with my raspberry pi 3b+, however I also would like to intercept some of the network traffic, possibly perform some checks on the traffic, and redirect if needed with my python script. I found this article here on how to do a direct Wi-Fi to ethernet bridge, but how would I go about setting up the bridge with a python script in between?

In my opinion, the project should be divided into 2 parts:
Creation of a DHCP server on eth0 with a redirect from wlan. This is done easily with packages like dnsmasq and an iptables rule. A complete tutorial: https://www.raspberrypi.org/forums/viewtopic.php?t=132674 (for information: wlan = wifi, eth0 = ethernet).
Then, to analyze the traffic, you'll have to make your own DNS server (because intercepting https traffic is (almost) impossible). You won't get the content of the request (nor the answer) but you'll get the url of the request.
Making your own DNS seems complicated; however, by installing pi-hole (https://pi-hole.net) (DNS server for raspberry), you can then make python scripts that use the pi-hole api (in order to block and redirect requests), either with command lines directly, or with a library like https://pypi.org/project/PiHole-api/
Is everything clear?
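The DNS-level visibility this answer describes, as an added example that is not part of the original post: it reads resolver query-log lines and reports which client asked for a blocklisted name. It assumes dnsmasq runs with log-queries enabled (Pi-hole's resolver logs in the same format); the log lines, the blocklist entry and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the dnsmasq "log-queries" format (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:15:01 dnsmasq[812]: query[A] updates.example.org from 192.168.4.12
Mar  3 10:15:01 dnsmasq[812]: forwarded updates.example.org to 1.1.1.1
Mar  3 10:15:02 dnsmasq[812]: reply updates.example.org is 203.0.113.10
Mar  3 10:15:07 dnsmasq[812]: query[AAAA] tracker.ads.example from 192.168.4.12
Mar  3 10:15:09 dnsmasq[812]: query[A] cdn.tracker.ads.example from 192.168.4.20
Mar  3 10:15:11 dnsmasq[812]: query[A] notads.example from 192.168.4.20
"""

# Only "query[...] name from client" lines identify who asked for what.
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

def parse_queries(log_text):
    """Yield (client_ip, qtype, name) for every client query line."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m["client"], m["qtype"], m["name"].lower().rstrip(".")

def is_blocked(name, blocklist):
    """True if name is a blocklisted domain or a subdomain of one.

    Matching is done on whole labels, so "notads.example" does not
    match a blocklist entry "ads.example".
    """
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blocked_by_client(log_text, blocklist):
    """Map each client IP to the sorted blocklisted names it asked for."""
    hits = defaultdict(set)
    for client, _qtype, name in parse_queries(log_text):
        if is_blocked(name, blocklist):
            hits[client].add(name)
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    print(blocked_by_client(SAMPLE_LOG, {"ads.example"}))
```

Only the queried name and the client address are visible here; the request path and response body stay inside the TLS session.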

Related

Connecting Client/Server program outside of LAN with Python

I am trying to create a chess game between two different computers that are not in the same LAN. I am having trouble connecting the two via a TCP connection (UDP would probably be sufficient as well if the packets are arriving, but ideally TCP).
I am new to a lot of networking and am unaware of many different tools that may be useful and I am also in university and therefore don't have control over the router to update firewall rules. What can I do to work around the router firewall to connect the two devices?
I am primarily using the Python socket library at the moment to implement the connection.
Any information about how I can send messages between the two computers outside of a LAN would be very useful. Thank you for your help!
I have ensured that the client side is using the public IP of the server and the server is using "" for its socket host. I also checked that the connection was working when utilizing a LAN without issue. I included a batch file that enables the specific port used for the game at the beginning of runtime and disables it at the end of the program. If I am not mistaken, that only impacts the computer's firewall rules not the router's. I have looked into receiving the packets through port 80 and redirecting it to my specific program, but was unsuccessful in finding a solution of that type.
If the server is behind a router/firewall you'll have to use some sort of hole punching method to create the connection. STUN is one of the most common, though I've never actually used it in a Python program so I don't know what Python implementations are out there.

Socket over internet Python Embedded

I have an embedded system on which I can connect to internet. This embedded system must send sensor data to PC client.
I put a socket client using python on my PC. I put a socket server (using C++ language) on the embedded system because you can only use C++.
I can successfully connect from my PC to the embedded system using the sockets and send and receive whatever I want.
Now, the problem is I use local IP to connect to the system and both of them must be connected to the same Wifi router.
In the real application, I won't know where the embedded system is in the world. I need to get to it through internet, because it will be connected to internet through 4g.
My question is, how can I connect to it through internet, if the embedded system is connected to internet using 4G?
Thank you
Realistically in typical situations, neither a PC nor an embedded device hanging off a 4g modem will likely have (or should be allowed to have) externally routable addresses.
What this practically means is that you need to bounce your traffic through a mutually visible relay in the cloud.
One very common way of doing that for IoT devices (which is basically to say, connected embedded devices) is to use MQTT. You'll find support in one form or another for most computing platforms with any sort of IP networking capability.
Of course there are many other schemes, too - you can do something with a RESTful API, or websockets (perhaps as an alternate mode of an MQTT broker), or various proprietary IoT solutions offered by the big cloud platforms.
It's also going to be really key that you wrap the traffic in SSL, so you'll need support for that in your embedded device, too. And you'll have to think about which CA certs you package, and what you do about time given its formal requirement as an input to SSL validation.
I think your problem is more easily solved if you reverse the roles of your embedded system and PC. If you are communicating to a device using IP protocols across cellular networks, it is much easier to have the device connect to a server on the PC rather than the other way around. Some networks/cellular modems do not allow server sockets and in any case, the IP address is usually dynamically allocated and therefore difficult to know. By having the device connect to a server, it "knows" the domain name (or IP address) and port to which it should make the connection. You just have to make sure that there is indeed a server program running at that host bound to some agreed upon port number. You can wake up the device to form the connection based on a number of criteria, e.g. time or amount of collected data, etc.

Locally hosted Django project for long-term use in local network

I am currently implementing a Django web application, which will be used only locally but long-term. I already managed to start the Django server on my local machine using python manage.py runserver 0.0.0.0:myport and I am able to connect from any mobile device using MyLocalIPv4:myport.
In the best case I only want to start the Django server once, establish a connection between a mobile device and the web app and let the web app run for an undefined long time on that mobile device.
Now my assumption is, that MyLocalIPv4 will be changing over time as it is a dynamic IP address, which will force the user (or even worse myself) to look up the new IP address and re-establish the connection.
My questions are: Do you know any mechanisms on how I can avoid this type of behaviour using another (maybe static) referral to the web app? What do you think about this web application in terms of security issues?
DNS is the way to go. What you want is an (internal) domain that would map to your computer IP address.
There are many ways you can achieve that but I suggest going with whatever tools you have available. I assume that for your home network you're using some sort of a consumer-grade home router with wireless access point. Very often this type of hardware offers some way to "map" the hostname of a machine to its internal-network IP address.
For example, at home I'm using a RT-AC1200G+ router, which runs an internal DNS server and maps hostnames of clients of my network to their IP:
$ dig +short @192.168.1.2 samu-pc
192.168.1.70
$ ifconfig |grep 192.168.1.70
inet 192.168.1.70 netmask 255.255.255.0 broadcast 192.168.1.255
Alternatively, one of the easier solutions would be to ensure your IP does not change. You could assign a static IP to your django-server machine, OR if you want to continue using DHCP - use your router's functions to make a static assignment to a specific, static IP address using your network card's MAC address.
Disclaimer: There are other, more "professional" ways of solving service discovery within a network, but I would consider them overkill to your home network setup. Also, if you care about security, you should consider running the django app behind a reverse proxy with HTTPS on the front, just to ensure nobody in your internal network is trying to do something nasty.

Use python to choose from multiple established internet connections on Mac (Wifi vs. ethernet)

At work, I'm connected to both an internal internet service (through wifi) and an ethernet cable for external internet access. The wifi connection is the only way to connect to our internal databases or systems, but ethernet is what I need for internet browsing. Currently, by default I'm on the ethernet cable, but when I need to connect to our internal databases, I have to unplug the ethernet cable or go into my settings to change the service order to specifically use wifi (unplugging is much quicker).
Is there any way to specify in python to specifically use the non-default wifi connection when connecting to my sql server?
Python can't determine how to connect to IPs, that is in the domain of the operating system, at a lower level than Python cares about. You have to convince your OS to do it. Note that, because of this, the method is necessarily OS-specific, so nothing in this answer will work on anything other than Mac OS X.
I am not 100% sure, but I think you can do it so that OS handles the situation automatically. Try this:
1. Know the IP address of your database (e.g. 192.168.1.1)
2. Find out what the connection is called (probably Wi-Fi):
    networksetup -listallnetworkservices
3. Find the gateway that is taking you there (e.g. 192.168.1.254) and its subnet mask (e.g. 255.255.255.0):
    networksetup -getinfo Wi-Fi
4. Set up a route so that your Mac OS will know to use that gateway for that address. This is kernel-level stuff so you need superuser access:
    sudo networksetup -setadditionalroutes Wi-Fi 192.168.1.1 255.255.255.0 192.168.1.254
If I am correct, you can now browse the web using your normal connection, and use the ethernet Wi-Fi to connect to your database, automatically without you having to do anything further.
Another way to do this, closer to the way you asked it, is to create two different locations, with different service order; then you can switch between them programmatically using
networksetup -switchtolocation MyLovelyDatabase
You can get back to the default using
networksetup -switchtolocation Automatic
You can do this method from Python using subprocess.
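One way to drive the location switch from Python with subprocess, as an added example that is not part of the original answer. The `network_location` helper and its `run` parameter are hypothetical names; commands are passed as argument lists (no shell), the location name is checked against `networksetup -listlocations`, and the previous location is restored even if the database code raises.

```python
import subprocess
from contextlib import contextmanager

def _networksetup(args, run=subprocess.run):
    """Run networksetup with an argument list (never a shell string)."""
    done = run(["networksetup", *args], capture_output=True, text=True, check=True)
    return done.stdout

@contextmanager
def network_location(name, run=subprocess.run):
    """Switch to macOS network location `name`; restore the old one on exit.

    `run` is injectable so the logic can be exercised without macOS.
    """
    known = _networksetup(["-listlocations"], run).splitlines()
    if name not in known:
        raise ValueError(f"unknown network location: {name!r}")
    previous = _networksetup(["-getcurrentlocation"], run).strip()
    _networksetup(["-switchtolocation", name], run)
    try:
        yield previous
    finally:
        # Always go back, even if the code inside the with-block failed.
        _networksetup(["-switchtolocation", previous], run)

# Usage on macOS (location name taken from the answer above):
#   with network_location("MyLovelyDatabase"):
#       ...connect to the SQL server here...
```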

How can I block Internet access for a certain IP in my local network in python?

I am trying to find a way to block a certain Mac address / Internal IP from accessing the internet (Blocking a device in the LAN to WAN) in python.
This option is available in every modern router in every home but mine is kinda old and doesn't have that feature.
I have a basic knowledge in networking stuff and consider myself an Advanced-Beginner in python, so I'm up for the challenge but still need your help.
*Of course with the option to enable the internet again for that device
I know I am kinda late now but... You can't necessarily block internet access to a machine like you would do in your router's config.
What you CAN do is implement something like an ARP Spoofer. Basically what you would do in a Man-in-the-Middle attack.
You send a malicious ARP packet to poison the target's ARP table, making it believe your machine is the router/default gateway. That way you can intercept every packet being transmitted by the target. You can then choose if you want to route them or not.
If you choose not to forward the packets, the connection to the internet is cut off.
If you want to forward the packets to the actual router (in order to allow the target to access the internet) you must enable IP Forwarding on your machine.
You can do this by running echo 1 >> /proc/sys/net/ipv4/ip_forward on Linux or changing the Registry Key in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter on Windows ('1' forwards the packets, '0' doesn't). By default IP forwarding is set to 0.
Remember you must resend the malicious ARP packet every couple of seconds as the ARP tables get updated quite frequently. This means you don't necessarily have to change the IP Forwarding configuration on your machine. After a minute or less of exiting the script the target's ARP table will go back to normal, giving them access to the internet again.
Here are some python modules you might want to take a look at:
Scapy (Packet Manipulation Tool)
winreg (Windows Registry)
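Seen from the defending side, the poisoning this answer describes shows up in the affected host's own ARP cache: the gateway IP resolves to a MAC that is not the router's, and usually the same MAC also answers for another LAN address. The check below is an added example, not part of the original answer; it assumes the Linux /proc/net/arp layout and a gateway MAC recorded while the network was known to be clean, and all addresses and function names are constructed.

```python
# Constructed snapshot in the Linux /proc/net/arp layout (not a real capture).
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:00:aa:bb:cc     *        wlan0
192.168.1.23     0x1         0x2         02:00:00:aa:bb:cc     *        wlan0
192.168.1.40     0x1         0x2         02:00:00:11:22:33     *        wlan0
192.168.1.41     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""

def parse_arp(text):
    """Return {ip: mac} for resolved entries only (flag bit 0x2 set)."""
    table = {}
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue
        ip, _hw, flags, mac, _mask, _dev = fields
        if int(flags, 16) & 0x2:                 # ATF_COM: completed entry
            table[ip] = mac.lower()
    return table

def check_arp(table, gateway_ip, known_gateway_mac):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    expected = known_gateway_mac.lower()
    seen = table.get(gateway_ip)
    if seen and seen != expected:
        findings.append(f"gateway {gateway_ip} is at {seen}, expected {expected}")
    # One MAC answering for the gateway and for another host is the
    # classic footprint of a machine impersonating the router.
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if gateway_ip in ips and len(ips) > 1:
            others = sorted(i for i in ips if i != gateway_ip)
            findings.append(f"{mac} answers for the gateway and for {', '.join(others)}")
    return findings

if __name__ == "__main__":
    # The baseline MAC is a constructed value standing in for the real router.
    for finding in check_arp(parse_arp(SAMPLE_ARP), "192.168.1.1", "02:00:00:DE:AD:01"):
        print("ALERT:", finding)
```

On a live Linux host the same functions can be fed the contents of /proc/net/arp on a timer; a static ARP entry for the gateway is the corresponding mitigation.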
Blocking of traffic has to happen inside the router. If the router does not have this feature, consider replacing it with a new one.
