Snoopy: A distributed tracking and data interception framework
 _______  __    _  _______  _______  _______  __   __
|       ||  |  | ||       ||       ||       ||  | |  |
|  _____||   |_| ||   _   ||   _   ||    _  ||  |_|  |
| |_____ |       ||  | |  ||  | |  ||   |_| ||       |
|_____  ||  _    ||  |_|  ||  |_|  ||    ___||_     _|
 _____| || | |   ||       ||       ||   |      |   |
|_______||_|  |__||_______||_______||___|      |___|
V0.1
"Amy, technology isn't intrinsically good or evil. It's how it's used. Like the Death Ray."
-Professor Farnsworth
Welcome to Snoopy, a distributed tracking and profiling framework. Snoopy is a work in progress, so please feel free to submit suggestions and/or corrections. This document outlines basic usage. To understand the background a little more, have a look at the following:
- Snoopy: A distributed tracking and profiling framework
- ZaCon4 - Glenn Wilkinson - Terrorism, tracking, privacy and human interactions
INTRODUCTION AND OVERVIEW
=========================
Snoopy consists of four components:
- Client software (aka Snoopy Drone software)
- Server software
- Web interface
- Maltego transforms
a. Snoopy Drones
The client side software runs on what we call "Drones". A Drone can be any Linux based device that has a WiFi interface (with injection drivers) and outbound internet connectivity. Snoopy has been tested on a Nokia N900 and a laptop running BackTrack. The Drones perform the following two operations:
- Collect Probe SSIDs from nearby wireless devices
- Offer a Rogue Access Point for nearby wireless devices to connect to
Collected probe requests (e.g. Bob's iPhone looking for BTHomeHub-4123) are uploaded to the Snoopy server at regular intervals. All devices that associate to the Rogue AP have their Internet connectivity served via the Snoopy server.
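To make the first Drone operation concrete, here is an added example (not Snoopy's own code) that pulls the source MAC and probed SSID out of raw 802.11 probe-request frames, i.e. the (client, SSID) pairs a Drone uploads. It assumes any radiotap header has already been removed, and because it has to run offline it constructs its own sample frames; the function names and the sample MACs and SSIDs are mine. It also shows the two cases a naive parser gets wrong: wildcard (zero-length SSID) probes, which carry no network name, and tags whose declared length runs past the end of the frame.

```python
# Added example for this README (not Snoopy's own code): extract the
# (client MAC, probed SSID) pairs a Drone collects from raw 802.11 frames.
from collections import defaultdict

# Frame-control type/subtype of a probe request: management (0), subtype 4.
PROBE_REQUEST = (0, 4)
SSID_TAG = 0
MGMT_HEADER_LEN = 24  # FC(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2)


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_probe_request(frame):
    """Return (source MAC, SSID) for a probe request, or None if the frame is
    another type or is truncated. SSID is None for wildcard (broadcast) probes.
    Assumes any radiotap header has already been removed."""
    if len(frame) < MGMT_HEADER_LEN:
        return None
    fc = frame[0]
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != PROBE_REQUEST:
        return None
    src_mac = mac_str(frame[10:16])  # addr2 is the transmitting station
    i = MGMT_HEADER_LEN
    while i + 2 <= len(frame):
        tag, length = frame[i], frame[i + 1]
        body = frame[i + 2 : i + 2 + length]
        if len(body) < length:
            return None  # tag claims more bytes than the frame holds
        if tag == SSID_TAG:
            if length == 0:
                return src_mac, None  # wildcard probe, no network named
            try:
                return src_mac, body.decode("utf-8")
            except UnicodeDecodeError:
                return src_mac, body.hex()  # keep non-UTF-8 SSIDs as hex
        i += 2 + length
    return src_mac, None


def build_probe_request(src_mac, ssid):
    """Construct a minimal probe-request frame (sample data for testing only)."""
    header = (
        bytes([0x40, 0x00])                        # frame control: mgmt / probe request
        + b"\x00\x00"                              # duration
        + b"\xff" * 6                              # addr1: broadcast
        + bytes.fromhex(src_mac.replace(":", ""))  # addr2: the client
        + b"\xff" * 6                              # addr3: broadcast BSSID
        + b"\x00\x00"                              # sequence control
    )
    ssid_bytes = ssid.encode("utf-8")
    tags = bytes([SSID_TAG, len(ssid_bytes)]) + ssid_bytes
    tags += bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates 1/2/5.5/11 Mbps
    return header + tags


def collect_probes(frames):
    """Aggregate directed probes per client MAC, the form a Drone uploads."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1] is not None:
            seen[parsed[0]].add(parsed[1])
    return dict(seen)


# Constructed sample capture: two directed probes from one client, a wildcard
# probe from another, and a beacon (subtype 8) that must be ignored.
SAMPLE_FRAMES = [
    build_probe_request("aa:bb:cc:dd:ee:01", "BTHomeHub-4123"),
    build_probe_request("aa:bb:cc:dd:ee:01", "CorpGuest"),
    build_probe_request("aa:bb:cc:dd:ee:02", ""),
    bytes([0x80, 0x00]) + b"\x00" * 22,
]

if __name__ == "__main__":
    for mac, ssids in collect_probes(SAMPLE_FRAMES).items():
        print(mac, sorted(ssids))
```

On a real Drone the frames would come from a monitor-mode interface rather than SAMPLE_FRAMES; the parsing is the same once the radiotap header is stripped.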
b. Server Software
The server populates all probe requests into a database, and uses Wigle to determine GPS coordinates, and Google Maps to determine street addresses (and street view photographs). This means that if you're probing for your home network, I may get a photograph of your house.
Each Drone connects to the server over OpenVPN, and has its own subnet. Associated clients receive an IP address from the Drone, and route traffic via it. This means that on the server we can match client IP addresses (and therefore MAC addresses) to internet activity.
On the server, the following happens:
- Internet traffic is transparently proxied through Squid, which logs all requests to MySQL
- SSLStrip attempts to rewrite web pages so that HTTPS links become plain HTTP, keeping clients on unencrypted connections
- mitmproxy.py allows arbitrary injection into web pages
- Various scripts run to extract Social Media data (e.g. pulling Facebook profiles)
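The paragraph above says the server can match client IP addresses, and therefore MAC addresses, to Internet activity because every Drone has its own subnet. The following added example (not Snoopy's code) shows that join: it reads constructed Squid native access.log lines and a constructed dnsmasq-style lease file, tags each request with the Drone it arrived through and the client's MAC, and emits the per-Drone route the server needs. The numbering (Drone n hands out 10.(n+1).0.0/24 and sits at 192.168.42.(n+1) on the VPN) is inferred from the diagram below and is an assumption, as are the function names; the lease and log formats are the standard dnsmasq and Squid ones.

```python
# Added example for this README (not Snoopy's own code): join Squid's access
# log with the Drones' DHCP leases so each request maps to a drone and a MAC.
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data, not from a real deployment.
# dnsmasq-style lease file: expiry, MAC, IP, hostname ('*' if none), client-id.
LEASES = """\
1351783200 aa:bb:cc:dd:ee:01 10.2.0.2 Bobs-iPhone 01:aa:bb:cc:dd:ee:01
1351783500 aa:bb:cc:dd:ee:02 10.2.0.3 android-3f2 *
1351783600 aa:bb:cc:dd:ee:03 10.3.0.2 * *
"""
# Squid native access.log: time elapsed client status bytes method URL user hierarchy type
ACCESS_LOG = """\
1351783301.123    245 10.2.0.2 TCP_MISS/200 5120 GET http://m.facebook.com/profile.php - DIRECT/31.13.24.7 text/html
1351783302.456     50 10.2.0.3 TCP_MISS/200 800 GET http://www.example.com/ - DIRECT/93.184.216.34 text/html
1351783303.789     10 10.3.0.2 TCP_MISS/302 300 GET http://mail.google.com/ - DIRECT/173.194.40.17 text/html
1351783304.000     10 10.9.9.9 TCP_MISS/200 300 GET http://unknown.test/ - DIRECT/1.2.3.4 text/html
"""


def drone_subnet(n):
    """Client subnet served by drone n. Assumption (from the diagram): drone n
    hands out 10.(n+1).0.0/24, so Drone1 -> 10.2.0.0/24, Drone2 -> 10.3.0.0/24."""
    if not 1 <= n <= 100:
        raise ValueError("drone packs are numbered 1..100")
    return ipaddress.IPv4Network(f"10.{n + 1}.0.0/24")


def drone_tap_address(n):
    """Drone n's tap0 address on the VPN, 192.168.42.(n+1) as in the diagram (assumption)."""
    return ipaddress.IPv4Address(f"192.168.42.{n + 1}")


def server_route(n):
    """iproute2 command so that replies to drone n's clients go back over the VPN."""
    return f"ip route add {drone_subnet(n)} via {drone_tap_address(n)} dev tap0"


def drone_for_ip(ip):
    """Recover the drone number from a client IP, or None if it is in no drone subnet."""
    addr = ipaddress.IPv4Address(ip)
    first, second = addr.packed[0], addr.packed[1]
    if first != 10 or not 2 <= second <= 101:
        return None
    n = second - 1
    return n if addr in drone_subnet(n) else None


def parse_leases(text):
    """Map client IP -> (MAC, hostname or None) from dnsmasq-style lease lines."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            _expiry, mac, ip, hostname = parts[:4]
            leases[ip] = (mac.lower(), None if hostname == "*" else hostname)
    return leases


@dataclass
class Request:
    ts: float
    client_ip: str
    drone: Optional[int]
    mac: Optional[str]
    hostname: Optional[str]
    method: str
    url: str


def attribute(access_log, leases_text):
    """Tag every Squid log line with the drone it arrived through and the
    client's MAC. Traffic from an IP with no lease, or outside every drone
    subnet, is kept but left unattributed rather than silently dropped."""
    leases = parse_leases(leases_text)
    requests = []
    for line in access_log.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or partially written line
        ip = fields[2]
        mac, hostname = leases.get(ip, (None, None))
        requests.append(Request(float(fields[0]), ip, drone_for_ip(ip),
                                mac, hostname, fields[5], fields[6]))
    return requests


def urls_by_mac(requests):
    """Group requested URLs per client MAC; unattributed traffic lands under None."""
    grouped = {}
    for r in requests:
        grouped.setdefault(r.mac, []).append(r.url)
    return grouped


if __name__ == "__main__":
    for n in (1, 2):
        print(server_route(n))
    for mac, urls in urls_by_mac(attribute(ACCESS_LOG, LEASES)).items():
        print(mac, urls)
```

The None bucket is worth watching in practice: a request from an address with no lease means either a stale lease file or a client that set its own static IP, and either way the MAC attribution for that traffic is not trustworthy.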
The network diagram looks like so:
 Client1                 Drone1                                  Snoopy Server
+----------+            +-----------------------+               +-----------------------+
|    wlan0-|<---WiFi--->|-at0                   |               |                   eth0|<-squid-sslstrip-mitmproxy->Internet
|          |      |     | 10.2.0.1              |               |            11.22.33.44|              |
| dhclient |      |     |                       |               |                       |       Traffic inspection
|          |      |     |                  tap0-|<-openvpn----->|-tap0                  |       Social media analysis
+----------+      |     |          192.168.42.2 |           +--/|          192.168.42.1 |
 10.2.0.2         |     +-----------------------+           |   +-----------------------+
                  |                                         |
                  |                                         |    route 10.2.0.0 via 192.168.42.2
                  |                                         |    route 10.3.0.0 via 192.168.42.3
 Client2          |                                         |
+----------+      |                                         |
|    wlan0-|<-----+                                         |
|          |                                                |
| dhclient |                                                |
|          |                                                |
+----------+                                                |
 10.2.0.3                                                   |
                                                            |
                                                            |
                                                            |
 Client3                 Drone2                             |
+----------+            +-----------------------+           |
|    wlan0-|<---WiFi--->|-at0                   |           |
|          |      |     | 10.3.0.1              |           |
| dhclient |      |     |                       |           |
|          |      |     |                  tap0-|<-openvpn--+
+----------+      |     |          192.168.42.3 |
 10.3.0.2         |     +-----------------------+
                  |
                  |
                  |
 Client4          |
+----------+      |
|    wlan0-|<-----+
|          |
| dhclient |
|          |
+----------+
 10.3.0.3
c. The Web Interface
Walter wrote a web interface for Snoopy. It can be accessed from http://your-snoopy-server.com:5000/
d. Maltego Transforms
Several Maltego transforms exist to graphically explore collected data (see below for more info).
INSTALLATION
============
Server installation should be straightforward. It has only been tested on a stock install of Ubuntu 12.04 LTS 32-bit. The install script changes several server components, so it is highly recommended to run it on a base installation and not run much else on that box (if anything). If in doubt, go through the install.sh file and make the changes manually. Otherwise, just run the installer (./install.sh).
USAGE
=====
Once installation is finished you should be able to type 'snoopy' to load the server menu. If not (or if in doubt), go to the home directory of the user created during the installation phase. Inside the 'snoopy/server/' directory there is a 'snoopy.sh' file which you may run. Below is the menu:
+---------------------------------------------------------------+
|                    Welcome to Snoopy V0.1                     |
|                          SERVER SIDE                          |
|                                                               |
|                SensePost Information Security                 |
|          research@sensepost.com / www.sensepost.com           |
+---------------------------------------------------------------+

Date: Thu Nov 1 16:37:08 CET 2012
Snoopy Server Status: Stopped
Connected Drones: 0
Wigle User: setYourWigleAccount

Would you like to:
[1] (Re)Start Snoopy server components
[2] Stop Snoopy server components
[3] Manage drone configuration packs
[4] Configure server options
[5] Set web traffic injection string
[6] Observe logs
[X] Exit
[?] Help
Creating drone packs
Option [3] in the menu will allow you to create client-side 'packs' for your Drone devices. Each Drone gets its own OpenVPN and SSH keys, DHCP range, and routing table. You will be provided with a download URL per Drone device. Make sure your server and drone have their time set correctly, or the VPN connection will not establish (OpenVPN rejects a peer certificate that appears not yet valid or already expired).
Installing and Running Snoopy on the Drone
You may have up to 100 drones (if you want more, check the source or email me; there is no actual limitation). Installation consists of downloading the configuration pack from the previous step and running the relevant setup script. For the Nokia N900 an icon will be placed on your Desktop. e.g.:

    haxor@drone001# wget http://snoopy-server.com/secretdir/drone001.tar.gz
    haxor@drone001# tar xzvf drone001.tar.gz
    haxor@drone001# cd snoopy && ./setup_n900.sh
Looking up SSID Locations
Create an account on www.wigle.net, and set your credentials via 'Configure server options'.
Web Interface
You can access the web interface via http://your-snoopy-server:5000/. You can write your own plugins to traverse and display data. Walter has made it easy for you (check the appendix to this document).
Exploring Data with Maltego
In the Snoopy server menu go to 'Configure Server Options' > 'Maltego'. Here you will see URLs for downloading Snoopy entities and machines, and URLs for the transforms. In order to use the Maltego transforms you will need to:
- Add Snoopy entities to Maltego
- Create an account on http://cetas.paterva.com/TDS/
- Login to cetas.paterva.com/TDS/
- Create a seed on cetas.paterva.com/TDS/
- Add the transform URLs to the created seed
- Add the seed in Maltego (Manage > Discover Transforms (Advanced))
- Enter the name as 'Snoopy', and the seed URL as your seed
- Add the Snoopy machines to the machines section
Each Snoopy entity can have different transforms applied to it. Drag the 'Snoopy' entity on to your graph to get started. If you don't specify a start or end date in the entiti