Analyze traffic flows – PiRogue will help

What does this compact software and hardware platform based on the Raspberry Pi offer? The project has been released as open source: the code and other information are on GitHub.

/ unsplash.com / Cheikh Tidiane Ndiaye

Reborn project

Four years ago, a group of developers from the French information security company Defensive Lab Agency introduced the PiRanhaLysis toolkit. It included three components: a) PiPrecious, a utility for network analysis; b) PiRanha, a solution for working with mobile devices and IoT networks; c) PiRogue, a small packet handling device.

The project was overloaded with functionality and did not develop as fast as the authors wanted. Therefore, it was recently relaunched under the old-new name – PiRogue tool suite (PTS). Interestingly, the name echoes the traditional name of the boats and canoes of African and Asian peoples – the pirogue.

The system is a software and hardware platform for analyzing the traffic of mobile devices (iOS and Android smartphones, as well as IoT devices), but it can monitor any device connected via Wi-Fi. Information security specialist Esther Onfroy is responsible for the development. It helps journalists, non-profits and private organizations resist hacker attacks on mobile devices.

What the new PiRogue can do

At the heart of PiRogue is a Raspberry Pi that acts as a network router and analyzes traffic on the fly. The system operates in one of three modes: the first shows which servers the mobile device is communicating with (MITM), the second is intended for network forensics, and the third for penetration testing and detailed reporting.

To get started with PiRogue, you need a Raspberry Pi 4 Model B (2GB, 4GB, or 8GB) with a power supply, an SD card (minimum 32GB), and an Ethernet cable. Optionally you can make a case and print the Hardware Attached on Top (HAT) expansion board; the latter lets the device display warnings on a TFT screen and adjust the speed of the cooling fans.

When the hardware is ready, you need to download PiRogue OS, which is published on GitHub in a repository of the same name. Then it remains to flash the SD card using the Balena Etcher utility and connect the assembled device to the router.

Image: https://pts-project.org/

The operating system comes with preinstalled tools: tcpdump for analyzing network traffic, mitmproxy for working with HTTPS, Suricata for detecting malicious packets, and Frida – a toolkit that allows you to inject code into other applications. Grafana handles visualization.
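The first operating mode described above answers the question "which servers is this device talking to?", and tcpdump is the tool that records the packets. The following script is an added example, not code from the PiRogue project: it parses a constructed sample of tcpdump's default text output, aggregates destinations and DNS queries per monitored device, and flags connections to ports outside a small expected set. The 192.168.4.0/24 network, the public addresses and the expected-port list are assumptions for the example.

```python
"""Summarise which servers each monitored device talks to, from tcpdump text output."""
import re
from collections import Counter, defaultdict

# Constructed sample in tcpdump's default text format (not a capture from a real device).
# 192.168.4.0/24 is assumed to be the monitoring device's Wi-Fi network; the public
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_TCPDUMP = """\
12:00:01.100 IP 192.168.4.23.49152 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:01.120 IP 203.0.113.10.443 > 192.168.4.23.49152: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.300 IP 192.168.4.23.49153 > 198.51.100.7.80: Flags [P.], seq 1:101, ack 1, win 502, length 100
12:00:03.400 IP 192.168.4.23.53001 > 192.168.4.1.53: 12345+ A? example.test. (31)
12:00:04.500 IP 192.168.4.23.49154 > 203.0.113.10.443: Flags [P.], seq 1:201, ack 1, win 502, length 200
12:00:05.600 IP 192.168.4.42.40000 > 198.51.100.7.8443: Flags [S], seq 9, win 64240, length 0
"""

# "HH:MM:SS.frac IP src.sport > dst.dport:" is the fixed prefix of an IPv4 TCP/UDP line.
PACKET_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
# tcpdump prints DNS questions as "<id>+ A? name." (or AAAA? for IPv6 lookups).
DNS_RE = re.compile(r" (?:A|AAAA)\? (?P<name>\S+)")


def parse_line(line):
    """Return the fields we need from one tcpdump line, or None if it is not an IPv4 packet line."""
    m = PACKET_RE.match(line)
    if not m:
        return None
    rec = {"src": m["src"], "dst": m["dst"], "dport": int(m["dport"])}
    d = DNS_RE.search(line)
    rec["dns_query"] = d["name"].rstrip(".") if d else None
    return rec


def summarize(text, monitored_prefix="192.168.4."):
    """Group outbound packets by monitored source device: destination counts and DNS names queried."""
    devices = defaultdict(lambda: {"destinations": Counter(), "dns": []})
    for line in text.splitlines():
        rec = parse_line(line)
        # Only traffic originating from the monitored network is of interest here;
        # replies from servers are skipped.
        if rec is None or not rec["src"].startswith(monitored_prefix):
            continue
        entry = devices[rec["src"]]
        entry["destinations"][(rec["dst"], rec["dport"])] += 1
        if rec["dns_query"]:
            entry["dns"].append(rec["dns_query"])
    return dict(devices)


def unusual_ports(summary, expected=frozenset({53, 80, 443})):
    """List (device, server, port) tuples that use a port outside the expected set; a simple triage hint."""
    return sorted(
        (src, dst, port)
        for src, entry in summary.items()
        for (dst, port) in entry["destinations"]
        if port not in expected
    )


if __name__ == "__main__":
    report = summarize(SAMPLE_TCPDUMP)
    for device, entry in sorted(report.items()):
        print(f"{device}:")
        for (dst, port), n in entry["destinations"].most_common():
            print(f"  {dst}:{port}  packets={n}")
        if entry["dns"]:
            print(f"  DNS queries: {', '.join(entry['dns'])}")
    for src, dst, port in unusual_ports(report):
        print(f"review: {src} -> {dst}:{port} (port outside expected set)")
```

On a real device the text would come from `tcpdump -n -l` piped into the script; the `-n` flag keeps addresses numeric so the regex above matches. The port whitelist is deliberately small: the point is to surface anything a phone does that is not plain web or DNS traffic, which is then a candidate for closer inspection with mitmproxy or Suricata.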

PTS is in the early stages of development, so there are still bugs. However, the project is actively developed, and a community is beginning to form around it.

Who does something like this

A network monitoring tool based on the Raspberry Pi can also be built with NEMS Linux. It is a preconfigured image that simplifies the deployment of a Nagios server. It can be used to monitor SMTP, POP3, HTTP, NNTP, as well as host resources such as CPU load. Robbie Ferguson – co-founder of the technology webcast Category5 – is responsible for its development.

NEMS Linux is quite popular, but updates are rare. Earlier, releases happened twice a year, but the latest update took place in 2020.
