wr841n

All posts tagged wr841n

6. Traffic mirroring using OpenWRT router

Posted by Kulani Mahadewa on January 27, 2018
Posted in: Ethical Hacking, Traffic Mirroring with OpenWrt. Tagged: , , , , , . Leave a comment

Hi, this post explains traffic mirroring on tplink TL-WR841N router.

Pr-requisites:

  • The router is flashed with openWRT chaos_calmer 15.05.1 version. I explain that process in my previous post (post no. 4 Security –> Ethical hacking), which is a re flashing. For a wr841N  v11 router with low memory space, this would be a good choice. I had issues with out of memory after installing the barrier_breaker v11 and LEDE 17.01.2.

For traffic mirroring, we need to add some iptable rules to the router. Therefore, first install the following.

root@mykali:~#ssh root@192.168.1.150
root@OpenWrt:~#opkg update
root@OpenWrt:~#opkg install iptables-mod-tee
root@OpenWrt:~#modprobe xt_TEE

Next, add ip table rules as follows: I will use a PC for monitoring, while a mobile app connected to the same network to access facebook account. So, once the rules are added I can sniff the traffic between  mobile and facebook, using Wireshark on the sniffing machine.

Note*: Use  the command “ifconfig” to find the ip address of PC

root@OpenWrt:~#iptables -A PREROUTING -t mangle -i br-lan ! -d <MOBILE_DEVICE_IP_ADD
RESS> -j TEE --gateway <PC_IP_ADDRESS>

root@OpenWrt:~#iptables -A POSTROUTING -t mangle -o br-lan ! -s <MOBILE_DEVICE_IP_AD
DRESS> -j TEE --gateway <PC_IP_ADDRESS>

Screenshot from 2018-01-27 16-17-41

Note*: To delete any rule execute the same command with replace -A with -D

iptables -D ...

The captured traffic can be analyzed using Wireshark.

  • Select ‘etho’ channel

Screenshot from 2018-01-27 16-19-01

Query the Wireshark:

e.g.: ip.src==192.168.1.193 or ip.dst==192.168.1.193

Cheers !!! 🙂

Advertisement

3.Unbrick a TP-link TL-WR841N router

Posted by Kulani Mahadewa on January 25, 2018
Posted in: Ethical Hacking. Tagged: , , , , , , . 3 Comments

Hi, your router may brick if something goes wrong during the firmware installation. This post may be helpful if your router is in the status as described below.

Router’s status: 

  • When the power on all the lights of the router keep blinking and blinking…..
  • You have tried hard resetting or 30/30/30 reset still all the lights of the router keep blinking…..
  • When you connect the router to the PC via an ethernet cable, the icon on the taskbar keep as plugged in and then unplugged, again plugged in then unplugged…
  • If you go to the network sharing center, the LAN network keep saying identifying…, then the network cable is unplugged.

maxresdefault

or

  •  Only the WPS/QSS/lock sign LED is turned on.

or

  • The router didn’t reboot after the flash, with no lights  turned on.

Okay !!! although the router acts above, it is still can be recovered by following this post.

You only required plugging the router into the PC using the LAN cable. It is OK that the router will still act as above.

  1. First, download the router’s firmware from the official website15
  2. Rename the bin file as wr841nv11_tp_recovery.bin.16
  3. Next, download ‘tftpd’ software Goto  http://tftpd32.jounin.net/tftpd32_download.html then select tftpd64 standard edition (installer)
  4. Make sure the router is plugged in via cable and disable wireless connections.
  5. Now go to “Open network and sharing center” –> Change adapter settings–>Right Click on the LAN network –> properties–>select ” Internet Protocol Version 4″–> set the static IP 192.168.0.66 (This is the ip of tftp sever the router is looking for).17
  6. Open the tftpd software.
    • Select ‘Browse’ –> go to the folder where you put the bin image(e.g.C:\Users\HP-PC\Desktop\TL-WR841N(UN)_V11_160415).14
    • Next, select “server interfaces “–> from the drop down select “192.168.0.66 Realtek RTL8..”. Now the tftp server is looking to connect to something.
  7. Now, while the above happens, hold down the reset button of the router for 3 seconds. The software will then connect to the router and automatically copy the firmware image to the router. Wait until the router flashes the image. Done.!!!
    • Note*: If the router is in a state where only the “WPS/QSS/lock sign LED” is turned on. The reset button should be pressed 3 seconds, when the router booting.
  8. Now open the browser goto 192.168.0.1 –> you can find the TPlink web server back.18

Cheers !!!! 🙂