How to Turn the Internet Upside Down


I read this web page many years ago that described how someone used their unencrypted WiFi network to prank neighbors by turning all images upside down or making them blurry or simply redirecting them to cats. I always wanted to do it myself, but I didn’t have the required knowledge or hardware until now.

In my previous post, I wrote about how I installed DD-WRT onto my Asus RT-N16 wireless router. You might be able to do this prank with the factory default firmware for your router. Your firmware needs to let you do the steps in this awesome tutorial to create a separate guest WiFi network and add custom iptables rules. If it doesn’t, get a better router or flash better firmware.

Install the squid3 proxy caching server on a computer on the LAN using this tutorial from Ubuntu. Instead of using the Apache web server and that Perl script (which didn’t work for me), I used Nginx and wrote an analogous Python script. I skipped their “Networking Setup” section because I need to set up iptables rules in my router to redirect all traffic from the guest WiFi to the squid proxy host. I set up a new subdomain “newsubdomain.davidxia.com” to point to the proxy host and added the Nginx configuration for it as shown below.

Python script for squid url_rewrite_program
#!/usr/bin/env python3

import os
import subprocess
import sys
import urllib.request
import uuid


IMG_DIR = '/var/www/images/'
BASE_URL = 'http://newsubdomain.davidxia.com/'


def modify_url(line):
    fields = line.split(' ')
    # The first field is the requested URL.
    old_url = fields[0]

    # The returned value needs to end with a '\n'.
    # A '\n' by itself means do not rewrite the URL.
    new_url = '\n'

    # If the requested URL is a JPG, save it to a file on the proxy host, flip it upside down,
    # and give the user the URL to the upside down image. :p
    if old_url.lower().endswith('.jpg'):
        img_file_name = str(uuid.uuid4()) + '.jpg'
        img_file_path = os.path.join(IMG_DIR, img_file_name)
        try:
            urllib.request.urlretrieve(old_url, img_file_path)
            subprocess.check_output(['/usr/bin/mogrify', '-flip', img_file_path])
            new_url = BASE_URL + img_file_name + '\n'
        except OSError:
            # Download failed (URLError, HTTPError and ContentTooShortError are all OSError subclasses).
            # TODO log this and return original URL
            pass
        except subprocess.CalledProcessError:
            # TODO log and return original URL and delete the image file
            pass
    return new_url


while True:
    # The format of the line read from stdin is
    # URL ip-address/fqdn ident method, e.g. http://saini.co.in 172.17.8.175/saini.co.in - GET -
    line = sys.stdin.readline()
    if not line:
        # EOF: squid closed the pipe, so exit instead of looping forever.
        break

    # new_url is a simple URL only, e.g. http://fedora.co.in
    new_url = modify_url(line.strip())
    sys.stdout.write(new_url)
    sys.stdout.flush()

Nginx config
server {
  server_name images.davidxia.com;
  root /var/www/images;

  access_log /var/log/nginx/images.davidxia.com-access.log;
  error_log /var/log/nginx/images.davidxia.com-error.log;

  index index.html;

  location ~* \.(?:gif|jpe?g|png)$ {
    expires 30d;
    add_header Pragma public;
    add_header Cache-Control "public";
  }
}

In the squid configuration section, be sure to have acl localnet src <network range> where network range is 192.168.2.1/24 if you used the aforementioned tutorial. Make sure you can make HTTP requests to the proxy on localhost:3128 in order to debug. If you can’t, you might need to add extra ACL rules to the squid conf file (something like http_access allow localnet).

I found instructions to configure the router’s firewall rules but realized my setup was different. I don’t want to proxy traffic from my regular WiFi subnet 192.168.1.1/24 to my proxy host on 192.168.1.134 but instead from 192.168.2.1/24 to 192.168.1.134. Use these rules:

iptables rules for router
# Allow traffic coming into interface br0 from proxy host 192.168.1.134 to exit interface br1 to any destination IP
iptables -I FORWARD -i br0 -o br1 -s 192.168.1.134 -j ACCEPT

# Allow traffic coming into interface br1 from any IP to exit interface br0 to proxy host 192.168.1.134
# make stricter later
iptables -I FORWARD -i br1 -o br0 -d 192.168.1.134 -j ACCEPT

PROXY_IP=192.168.1.134
PROXY_PORT=3128
LAN_IP=`nvram get br1_ipaddr`
LAN_NET=$LAN_IP/`nvram get br1_netmask`

# Modify the destination address of packets as soon as they come in.
# Change their destination address to the squid proxy on 192.168.1.134:3128.
# Only change packets matching these criteria: came into the br1 interface, are TCP packets, destined for port 80.
# This redirects HTTP traffic from the guest WiFi to the squid proxy.
iptables -t nat -A PREROUTING -i br1 -p tcp --dport 80 -j DNAT --to $PROXY_IP:$PROXY_PORT

# Modify the source address of packets as they are about to go out.
# Change their source address to the br1 interface's IP, i.e. the virtual WiFi's router IP of 192.168.2.1.
# Only change packets matching these criteria: leaving the br1 interface, have a source address
# from the 192.168.2.1/24 subnet, are TCP packets, destined for the proxy IP.
# This makes the squid proxy return HTTP requests back to the guest Wifi, I think...
iptables -t nat -I POSTROUTING -o br1 -s $LAN_NET -d $PROXY_IP -p tcp -j SNAT --to $LAN_IP

# Allow traffic coming into the br1 interface and leaving br0 with a source IP from the guest WiFi.
# Packets have to be TCP and destined for the squid proxy's port.
iptables -I FORWARD -i br1 -o br0 -s $LAN_NET -d $PROXY_IP -p tcp --dport $PROXY_PORT -j ACCEPT
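
An added example, not part of the original post: a small audit of the FORWARD rules above that reports any guest-to-LAN ACCEPT rule admitting more than TCP to the squid port. The function names are hypothetical, and the expanded value of `$LAN_NET` is an assumption based on the /24 guest subnet.

```python
import shlex

# Constructed input: the three FORWARD rules from the listing above, with
# $PROXY_IP/$PROXY_PORT expanded and $LAN_NET assumed to be
# 192.168.2.1/255.255.255.0 (what the two nvram lookups would yield for a /24).
RULES = """\
iptables -I FORWARD -i br0 -o br1 -s 192.168.1.134 -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -d 192.168.1.134 -j ACCEPT
iptables -I FORWARD -i br1 -o br0 -s 192.168.2.1/255.255.255.0 -d 192.168.1.134 -p tcp --dport 3128 -j ACCEPT
"""
GUEST_IF, LAN_IF = "br1", "br0"
PROXY_IP, PROXY_PORT = "192.168.1.134", "3128"


def parse_rule(line):
    """Split one iptables command into (chain, {option: value}).

    Assumes every option takes exactly one argument, which holds for the
    rules on this page (no '!' negation, no rule number after -I)."""
    tokens = shlex.split(line)[1:]          # drop the 'iptables' word
    pairs = dict(zip(tokens[0::2], tokens[1::2]))
    chain = pairs.pop("-I", None) or pairs.pop("-A", None)
    return chain, pairs


def audit_guest_forwarding(rules_text):
    """Return [(rule, [problems])] for guest->LAN ACCEPT rules that admit
    more than TCP to the proxy port."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line.startswith("iptables"):
            continue
        chain, opts = parse_rule(line)
        if (chain != "FORWARD" or opts.get("-t", "filter") != "filter"
                or opts.get("-j") != "ACCEPT"
                or opts.get("-i") != GUEST_IF or opts.get("-o") != LAN_IF):
            continue
        problems = []
        if opts.get("-d") != PROXY_IP:
            problems.append("destination not limited to the proxy host")
        if opts.get("-p") != "tcp":
            problems.append("any protocol")
        if opts.get("--dport") != PROXY_PORT:
            problems.append("any destination port")
        if problems:
            findings.append((line, problems))
    return findings


if __name__ == "__main__":
    for rule, problems in audit_guest_forwarding(RULES):
        print(rule, "->", ", ".join(problems))
```

The one rule it reports is the one the listing marks "make stricter later"; the port-restricted rule at the end of the listing already covers the redirected traffic.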

Result!
