Hi, this post explains traffic mirroring on a TP-Link TL-WR841N router.
- The router is flashed with OpenWRT chaos_calmer version 15.05.1. I explain that process, which is a re-flash, in my previous post (post no. 4 Security –> Ethical hacking). For a WR841N v11 router with low memory space, this would be a good choice. I had out-of-memory issues after installing the barrier_breaker v11 and LEDE 17.01.2.
For traffic mirroring, we need to add some iptables rules to the router. Therefore, first install the following package.
root@OpenWrt:~# opkg install iptables-mod-tee
Next, add the iptables rules as follows. I will use a PC for monitoring, while a mobile app connected to the same network accesses a Facebook account. Once the rules are added, I can sniff the traffic between the mobile and Facebook using Wireshark on the sniffing machine.
Note*: Use the command “ifconfig” to find the IP address of the PC.
root@OpenWrt:~# iptables -A PREROUTING -t mangle -i br-lan ! -d <MOBILE_DEVICE_IP_ADDRESS> -j TEE --gateway <PC_IP_ADDRESS>
root@OpenWrt:~# iptables -A POSTROUTING -t mangle -o br-lan ! -s <MOBILE_DEVICE_IP_ADDRESS> -j TEE --gateway <PC_IP_ADDRESS>
Note*: To delete a rule, run the same command with -A replaced by -D:
iptables -D ...
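A narrower variant of the rules above, as an added example that is not part of the original post: it matches on the observed device's address (-s / -d) rather than the exclusion form (! -d / ! -s), so traffic from other LAN hosts is not copied to the PC, and it prints the matching -D commands for clean removal. The function names and the PC address 192.168.1.20 are assumptions; 192.168.1.193 is the address used in the Wireshark filter in this post.

```shell
#!/bin/sh
# Added example, not from the original post. 192.168.1.20 in the usage line is
# a constructed PC address; br-lan is the LAN bridge name used on the page.

valid_ipv4() {
    # True only for a dotted quad whose four octets are each 0-255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

mirror_rules() {
    # $1 = add|del, $2 = device being observed, $3 = monitoring PC
    valid_ipv4 "$2" && valid_ipv4 "$3" || return 1
    [ "$2" != "$3" ] || return 1    # the monitor must not be its own target
    up="PREROUTING -i br-lan -s $2 -j TEE --gateway $3"      # device -> router
    down="POSTROUTING -o br-lan -d $2 -j TEE --gateway $3"   # router -> device
    for spec in "$up" "$down"; do
        case "$1" in
            # -C tests for an identical rule, so a re-run never stacks duplicates
            add) echo "iptables -t mangle -C $spec 2>/dev/null || iptables -t mangle -A $spec" ;;
            del) echo "iptables -t mangle -D $spec" ;;
            *)   return 1 ;;
        esac
    done
}

# Usage: sh tee-rules.sh add|del 192.168.1.193 192.168.1.20
# Prints the commands for review; nothing is applied to the firewall.
if [ "$#" -eq 3 ]; then
    mirror_rules "$1" "$2" "$3"
fi
```

Review the printed commands, then run them on the router; running the `del` output afterwards removes exactly the rules that `add` created.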
The captured traffic can be analyzed using Wireshark.
Filter the capture in Wireshark:
e.g.: ip.src==192.168.1.193 or ip.dst==192.168.1.193
Cheers !!! 🙂
Hi, when you have just flashed an OpenWRT firmware on the router, you may find that there is an internet connection problem. To install follow-up packages like luci, or even to run ‘opkg update’, you need internet. What you can do to solve the problem, at least temporarily depending on your goal, is to change the ‘lan’ IP address to a different address (e.g. 192.168.1.150) rather than the default value ‘192.168.1.1’. You can use the following commands to edit the ‘/etc/config/network’ file for this setting. After the router reboots you will be able to access the internet.
Press ‘i’ to edit the file. Change only the lan.ipaddr field.
Press ‘:wq’ to save and close the file.
Once rebooted, you can access the router using the static IP you assigned, for example 192.168.1.150 in this tutorial.
Cheers !!! 🙂
Hi, in this guide I will explain how to re-flash chaos_calmer on an OpenWRT device with Barrier Breaker installed. The router I refer to is a TP-Link WR841N, hardware version v11. The official OpenWRT website specifies that the chaos_calmer (15.05.1) v10 image is compatible with the v11. Therefore, the v10 chaos_calmer image is used in this tutorial.
- Download tl-wr841n-v10-squashfs-factory.bin on to Windows and rename it wr841nv10_tp_recovery.bin.
- As explained in post (no. 2 under Security –> Ethical hacking of this blog), use the WinSCP software to transfer this file to the router. Then flash the image using
sysupgrade -F -v wr841nv10_tp_recovery.bin
- Now, wait until the router reboots. Once rebooted you can see the router's lights as shown in the below image.
- If you try to connect to the router through SSH at this moment, it will ask for a password. Although the default setting has no password, you will get permission denied.
- Therefore, first use the LuCI GUI that comes with the chaos_calmer firmware to set a password.
- Open the browser –> visit 192.168.1.1 –> You can log in to the root user account without a password.
- Next, click on the “password configuration link” in the message at the top. Set a new password, and also set the SSH access interface to lan –> Save and apply. (Do not open the GUI in more than one browser tab. It will prevent the settings from being saved.)
- If you try to connect through SSH again, you can use the updated password to log in.
Cheers !!! 🙂
Hi, your router may brick if something goes wrong during the firmware installation. This post may be helpful if your router is in one of the states described below.
- When powered on, all the lights of the router keep blinking and blinking…..
- You have tried a hard reset or a 30/30/30 reset, and still all the lights of the router keep blinking…..
- When you connect the router to the PC via an ethernet cable, the icon on the taskbar keeps showing plugged in and then unplugged, again plugged in then unplugged…
- If you go to the Network and Sharing Center, the LAN network keeps saying identifying…, then that the network cable is unplugged.
- Only the WPS/QSS/lock sign LED is turned on.
- The router didn’t reboot after the flash, with no lights turned on.
Okay !!! Although the router acts as above, it can still be recovered by following this post.
You only need to plug the router into the PC using the LAN cable. It is OK that the router still acts as above.
- First, download the router’s firmware from the official website.
- Rename the bin file as wr841nv11_tp_recovery.bin.
- Next, download the ‘tftpd’ software. Go to http://tftpd32.jounin.net/tftpd32_download.html, then select tftpd64 standard edition (installer).
- Make sure the router is plugged in via cable and disable wireless connections.
- Now go to “Open network and sharing center” –> Change adapter settings –> Right-click on the LAN network –> Properties –> select “Internet Protocol Version 4” –> set the static IP 192.168.0.66 (this is the IP of the TFTP server the router is looking for).
- Open the tftpd software.
- Select ‘Browse’ –> go to the folder where you put the bin image (e.g. C:\Users\HP-PC\Desktop\TL-WR841N(UN)_V11_160415).
- Next, select “server interfaces” –> from the drop-down select “192.168.0.66 Realtek RTL8..”. Now the TFTP server is looking to connect to something.
- Now, while the above happens, hold down the reset button of the router for 3 seconds. The software will then connect to the router and automatically copy the firmware image to the router. Wait until the router flashes the image. Done.!!!
- Note*: If the router is in a state where only the “WPS/QSS/lock sign LED” is turned on, the reset button should be pressed for 3 seconds while the router is booting.
- Now open the browser and go to 192.168.0.1 –> you can find the TP-Link web server back.
Cheers !!!! 🙂
Hi, if you want to reinstall the stock firmware on the OpenWRT router, you can follow this guide.
- First, download the firmware from the official website. Please find the correct image that matches your router’s hardware version and the region you are in. In my case, I downloaded this: http://www.tp-link.com/sg/download/TL-WR841N_V11.html#Firmware. Unzip the file and find the bin image there.
- Rename the bin image as wr841nv11_tp_recovery.bin.
- Download the WinSCP software for Windows.
- Open the WinSCP app –> It will prompt you to add the remote location. Select SCP as the file protocol –> give the hostname of the router (e.g. 192.168.1.1), keep the port the same; the username of the OpenWRT-enabled router is ‘root’ –> Click ‘log in’.
- It will authenticate and prompt to trust the certificate. Click OK.
- You can then dig into the directory tree of the remote server, in the left side of the user interface.
- You can select a file from the right side (your computer) to copy to the remote server. Select the stock image of the TP-Link router.
- Right-click on the image (e.g. wr841nv11_tp_recovery.bin) –> upload –> select the destination directory at the remote server (e.g. /root/tmp) –> OK. File transferring is all done now.
Upgrade the firmware on the OpenWRT device.
- Plug the router into the Linux machine using an ethernet cable.
- Open a terminal and connect to the device using the following commands
sysupgrade -F -n -v wr841nv11_tp_recovery.bin
Thanks !!! 🙂
Hi, today I am going to give you a step-by-step guide to upgrade your TP-Link TL-WR841N router to an OpenWRT-enabled device.
Pre-requisite: Install SSH on your PC.
- First, download the correct version of the image from https://wiki.openwrt.org/toh/tp-link/tl-wr841nd. My router has the hardware version of WR841N v11. Therefore, I downloaded the following. Select the factory.bin instead of the image
- Next, connect your router to the computer with an ethernet cable. Access the web server at 192.168.0.1. Then go to System Tools –> Firmware Upgrade –> upload the downloaded image –> select Upgrade. The router will reboot automatically after the upgrade happens.
- Once rebooted you can connect the router to the PC via ethernet cable. Open a terminal and type the following command.
If you get the above failure message, then use the following command.
ssh-keygen -R 192.168.1.1
Then run the same command as the first one again.
Thanks !!! 🙂
You can use jd-gui on Kali with just two steps.
- Download the jd-gui repo for Kali from: Kali Git Repositories.
- Extract the archive. You can see the jd-gui-1.4.0.jar. Just run the jar file from the command prompt.
tar -xzf <path to jd-gui-917bcbf.tar.gz>
java -jar <path to jd-gui-1.4.0.jar>
Cheers !!! 🙂