Sunday, February 2, 2014

Wifi break-in notifier

Intro

You've grown paranoid of people who could be stealing your Wifi ?
You have the securest form of Wifi encryption ... still wouldn't you like to know STRAIGHT AWAY if someone managed to crack into your network?
Here's a home baked solution ( not suitable for work ) your mileage may vary depending on your Wifi access point.

Concept

Every 5 minutes, a script checks your Wifi access point for unknown Wifi devices.
If one of these devices isn't included in a list of Wifi devices you defined, you get an alert on your iPad/iPhone every day until you add it to your list of known Wifi devices.

Requirements


  • Raspberry Pi running RaspBMC, powered on & connected to your Wifi 24/7
  • Prowl
  • Prowl API key
  • iOS device - iPhone/iPad
  • understanding of Bash/shell scripting
  • you need to make a list of your wifi devices as csv
To add devices to this list, use this command
echo "device_owner;device_name;00:23:68:BE:E7:62" >> known_wifi_devices.csv


You need to understand how to get MAC addresses from your modem/router - i have a Zhone router with Adamo, not much I can help you with here, you need to master curl and grep !

The script

nano rogue_devices.sh


# check if all Wifi devices on the router are known MAC addresses

# if unknown, send a notification via Prowl

# run this as "cron job"

APIKEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



#get the list of MAC addresses from the webpage of my Wifi access point.

html=$(curl -u user:user http://192.168.1.1/wlstationlist.cmd)

echo "$html" | grep -o -E '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}'| while read mac

do

# check if MAC address is known

 if grep -i -q $mac /home/pi/known_wifi_devices.csv; then

  echo "OK - $mac is known wifi device"

 else

  #if station in logfile in the last day, just log it.

  if grep -E "^$(/bin/date +"%a %b %d")..............$(/bin/date  +"%Y")" -q /var/log/rogue_wifi_monitor; then

   echo "$(/bin/date +"%a %b %d %T %Z %Y") --- $mac is not a known Wifi device on this network" | tee -a /var/log/rogue_wifi_monitor

  else # log it and notify via Prowl

   echo "$(/bin/date +"%a %b %d %T %Z %Y") --- $mac is not a known Wifi device on this network, admin notified" | tee -a  /var/log/rogue_wifi_monitor

   curl https://api.prowlapp.com/publicapi/add \

       -F apikey=$APIKEY \

       -F application="XBMC Rpi" \

      -F event="Rogue Wifi device detected" \

      -F description="MAC Address $mac is unknown !"

  fi

 fi

done


Configure cron

Configure Cron for the script to run every 5 minutes.
crontab -e


*/5 * * * * /home/pi/rogue_devices.sh


If you're curious about what 'cron' does, I recommend this tutorial

Enable cron

Since cron is disabled in RaspBMC, you must enable it.

nano .xbmc/userdata/addon_data/script.raspbmc.settings/settings.xml

change sys.service.cron to "true"

Start cron
service cron start


Possible improvements

rotate or truncate log file
log when Wifi device is recognized after being added.


Post your questions in the comments :-)


No comments:

Post a Comment