224 Chapter 6 • WRT54G for Penetration Testers
In this chapter, we will explore how the WRT54G series hardware can help you perform penetration
testing and vulnerability assessments. However, you do not have to use it for these purposes. We pre-
sent the material in this fashion because this is how we are using it. Feel free to use the examples in
this book for your own purposes; in fact, we encourage that you do so! Specifically, you can use the
examples that follow to:
 Set up your own OpenVPN server for home or office use
 Set up your own WRT54G OpenVPN client to connect to other OpenVPN servers
 Deploy Kismet Drones and remote 2.4GHz spectrum analyzers for troubleshooting wireless
 Travel with your WRTSL54GS Code Division Multiple Access (CDMA) Internet connec-
tion and use it for general Internet access for you and your friends
The only project listed in this chapter that, other than having some fun with your friends, is
solely geared toward penetration testing is the wireless captive portal that logs
usernames and pass-
words (Airsnarf-Rogue Squadron). However, you could also use this for demonstration purposes to
show the risks of using open wireless hotspots, but remember, always use it with permission.
Tunneling and VPN
If you find that you need to transport data from one computer or network to another securely,
you have probably looked into using some form of vii'tual private network (VPN) technology. VPNs
make it easy to transport data securely, independent of higher-layer applications. For example, later in
this chapter we will discuss Kismet Drone, which sends raw packets to a Kismet server across the net-
work. The Kismet protocol does not implement encryption; however, if you send it across a VPN, the
Kismet and wireless traffic will be secured by the VPN protocol and protected from prying eyes.
VPNs are also very useful for securely connecting remote clients to networks. For example, you
may have a WRT54G at home that you would like to set up as an OpenVPN server. This will allow
you to connect to your network at home from any point on the Internet over a secure tunnel, and
access all of the computers and network resources available on your home network.
WRT54G for Penetration Testers • Chapter 6 225
Using the WRT54G As an OpenVPN Bridged Client
OpenVPN is a very popular open source software package that utilizes Secure Sockets
Layer/Transport Layer Security (SSL/TLS) to create secure VPN tunnels. OpenVPN is very flexible,
and it runs on a variety of different platforms, including Windows, OS X, Linux, and of course, var-
ious firmware on the WRT54G. In this example, we will use OpenWrt, as the OpenVPN packages
are already compiled and available in the package repository.
As security professionals, we can use OpenVPN to our advantage in many ways. First, let's
explore using the WP, T54G as an OpenVPN client and the advantages this provides. Consider the
diagram in Figure 6.1.