
Eavesdroppers & snoopers might be stealing your data while you browse the internet

Using Linux tools and utilities to stop packet sniffers and eavesdroppers from stealing your network data, by encrypting everything your system transmits over the network.

Published: August 6, 2021 By Rakesh Naik

Title image for Eavesdroppers & snoopers might be stealing your data while you browse the internet

Do you frequently use public networks to access the internet? Do you worry that your data might be stolen from your network? Or are you an aspiring penetration tester hoping to make it in the world of network security? Well, you've come to the right place, my friend!

This article is dedicated to Linux aficionados who enjoy network security and want to make sure that no one is sniffing their network traffic in the hope of stealing data.

No one likes a snoop, especially when it comes to sensitive data that you send over the network to friends, family, colleagues and so on. Such snooping succeeds mainly because proper security mechanisms are missing from the connection.

The security mechanism that stops a malicious attacker from misusing captured data is encryption. Encrypting all data transmitted on your network ensures that whatever a hacker manages to steal is unusable to them.

In this article, we will be looking at the need for encryption for all network traffic. We will then move on to look at 3 different methods that can be implemented in your Linux system to mask or encrypt your network traffic and even mask your own location while browsing the internet.


Why encrypt the traffic?

Data sent over the internet in the form of packets is usually referred to as internet traffic. These packets may carry anything from personal messages to friends or loved ones to the login credentials a government official uses to reach their office computer and network.

Data sent over the internet, whether through a wired or a wireless connection, can be tapped and stolen by malicious users. Once stolen, the data can be misused by the malicious party for their own benefit in various ways.

Usually, such data is transmitted in the form of packets. With the right tools, an attacker can capture these packets in what is called a packet sniffing attack. Once captured, the attacker can read the data using basic packet visualisation tools.

The structure of a simple and basic data packet showing the various sections in the data packet

Image Source – “Design of a Wearable Sensing System for Human Motion Monitoring in Physical Rehabilitation” scholarly article
[by Lara Gonzalez-Villanueva, Stefano Cagnoni, and Luca Ascari]

This is where data encryption or traffic encryption comes into play.

Encrypting the data packets means simply using an encryption algorithm to generate unintelligible cypher text corresponding to the plain text in the transferred information. This encrypted data can only be decrypted into the original information with a secret key that is possessed by the receiver.

When encrypted, the data, even if stolen by a hacker, would make no sense and would end up being useless to them. They would need possession of the decryption key or secret key of the algorithm in order to decrypt and make any sense of the data.

The Tor browser using TorIptables2

Tor, usually accessed through the Tor Browser, routes user data to the recipient through encrypted Tor “nodes”. These nodes are a set of virtual tunnels or relays that are chosen at random for any given transmission of data.

The steps below target Linux; on macOS they vary slightly because the operating system is entirely different, but the core concept remains the same.

The Tor browser opened in a Windows computer

The encryption method used by Tor is known as onion routing, aptly named for the way each piece of data is wrapped in multiple layers of encryption. These layers are then “peeled” off one at a time on the way to the recipient, which is the decryption process.

Tor uses mainly 3 types of nodes: the entry or guard node, the middle node, and the exit node. As the names suggest, the entry node connects the sender to the Tor network, the exit node is where the data leaves the Tor network towards the receiver, and the middle node sits between them in the Tor circuit through which the data is transmitted.

When a sender attempts to connect to and send data to the receiver, the onion routing algorithm selects a random sequence of nodes to form the circuit between them. These nodes are usually taken from the public relay list, or can be selected from a private, unlisted set of entry nodes known as bridge nodes.

The sender’s Tor client (in the Tor browser) encrypts the data, connects to the entry node and transmits it there. The entry node passes it to the middle node, which forwards it through the circuit to the exit node, and the exit node delivers it to the receiver.

The sender ‘Alice’ sending a data packet to receiver ‘Bob’ through a Tor circuit

Image Source – tails.boum.org

Each node knows only its adjacent nodes, the one it receives the data from and the one it sends it to, and has no knowledge of the entire path from source to destination.

While everything inside the Tor circuit is encrypted, the one hop that may not be is the connection from the exit node to the receiver. This happens when an insecure transfer protocol such as plain HTTP is used for the final connection, because the exit node then forwards that traffic exactly as it received it, unencrypted.
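To make the layering concrete, here is an added Python simulation (not code from the article or from the Tor project) in which Alice wraps a message once per relay with a key she shares with that relay. The relay names, the keys and the toy SHA-256/HMAC layer cipher are assumptions standing in for Tor’s real cryptography; the result shows that each relay learns only its next hop, while only the exit sees the destination and the plaintext.

```python
import hashlib
import hmac
import os

# Toy layer cipher for illustration only (NOT Tor's real crypto): a SHA-256
# counter-mode keystream XORed with the data, plus an HMAC tag over the result.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def open_layer(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered layer")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def build_onion(circuit, dest: bytes, payload: bytes) -> bytes:
    """circuit = [(relay_name, key Alice shares with that relay), ...], guard
    first. The exit layer names the final destination; every outer layer
    names the next relay, so each hop learns only where to send the rest."""
    blob = seal(circuit[-1][1], dest + b"|" + payload)
    for (_, key), (next_hop, _) in zip(reversed(circuit[:-1]), reversed(circuit[1:])):
        blob = seal(key, next_hop + b"|" + blob)
    return blob

def relay_peel(key: bytes, blob: bytes):
    """What one relay does: strip its layer, read the next hop, pass the rest on."""
    next_hop, inner = open_layer(key, blob).split(b"|", 1)
    return next_hop, inner

def run_circuit(circuit, dest: bytes, payload: bytes):
    """Walk the onion guard -> middle -> exit. Returns what each relay saw and
    what the exit hands to the destination (plaintext, as the article notes
    for the exit-to-receiver hop)."""
    blob, seen = build_onion(circuit, dest, payload), []
    for name, key in circuit:
        next_hop, blob = relay_peel(key, blob)
        seen.append((name, next_hop))
    return seen, blob

if __name__ == "__main__":
    circuit = [(n, os.urandom(32)) for n in (b"guard", b"middle", b"exit")]
    print(run_circuit(circuit, b"bob.example", b"hello Bob"))
```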

To encrypt all your internet traffic using Tor, a simple Linux utility known as TorIptables2 can be used. TorIptables2 is a script that sets up iptables and Tor to route all internet traffic through Tor circuits using an entry, middle and exit node setup.

Installing and using TorIptables2

Before installing anything on your Linux machine, open a terminal with Ctrl+Alt+T and bring the package lists and installed packages up to date with the commands below.

  1. sudo apt-get update
  2. sudo apt-get upgrade

To install Tor on a Linux machine (the commands below are for Debian/Ubuntu-style systems that use apt), all you need is a terminal and sudo privileges. To install and start Tor, use the commands listed below.

  1. sudo apt-get install tor
  2. sudo systemctl start tor

If you would rather have Tor start at boot than start it manually each time, use the command,

  1. sudo systemctl enable tor

Next, use the following commands to install the TorIptables2 utility and check that it runs:

  1. git clone https://github.com/ruped24/toriptables2
  2. cd toriptables2/
  3. sudo mv toriptables2.py /usr/local/bin/
  4. cd
  5. toriptables2.py -h

The utility has 3 options:

  1. -h, --help: show the help page and exit
  2. -l, --load: load the Tor iptables rules (this is what routes your traffic through Tor)
  3. -f, --flush: flush the Tor iptables rules and restore the default rules

Running TorIptables2

To run the TorIptables2 utility and redirect all traffic through the Tor circuit, use the command (the script needs root and is invoked from the directory it was moved to)

  1. sudo python2 /usr/local/bin/toriptables2.py -l

The Tor network also changes your exit IP address over time, so that the traffic can’t be traced back to you. If the current settings or the nodes chosen for this process are slowing down your internet connection, simply reload Tor with the command

  1. sudo kill -HUP $(pidof tor)

The TorIptables2 running and masking your location while encrypting traffic data

Image Source – en.kali.tools
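After loading the rules, a practitioner will want to confirm that nothing bypasses Tor. The following Python script is an added example (not part of TorIptables2 or the article): it inspects the OUTPUT nat chain for the TCP redirect, the DNS redirect and the tor-uid exemption, and asks check.torproject.org whether your exit IP is a Tor relay. The port numbers 9040/5353, the uid 110 and the sample rule listing are assumptions constructed for the demo.

```python
import json
import re
import subprocess
import urllib.request

# Assumed Tor TransPort/DNSPort: the values toriptables2 configures may differ
# on your system, so confirm them in /etc/tor/torrc before trusting this check.
TRANS_PORT, DNS_PORT = 9040, 5353

# Constructed sample of `sudo iptables -t nat -S OUTPUT` after loading the
# rules; uid 110 for the tor daemon is made up for the demo.
SAMPLE_RULES = """\
-P OUTPUT ACCEPT
-A OUTPUT -m owner --uid-owner 110 -j RETURN
-A OUTPUT -o lo -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --syn -j REDIRECT --to-ports 9040
"""

def _redirect_port(rule: str):
    m = re.search(r"-j REDIRECT --to-ports (\d+)", rule)
    return int(m.group(1)) if m else None

def audit_nat_rules(rules: str, trans_port=TRANS_PORT, dns_port=DNS_PORT) -> dict:
    """Transparent Tor routing needs three things in the OUTPUT nat chain:
    new TCP connections redirected to TransPort, UDP/53 redirected to DNSPort
    (otherwise DNS leaks past Tor), and a RETURN for tor's own uid so that
    the daemon's traffic is not looped back into itself."""
    tcp = dns = uid_exempt = False
    for rule in rules.splitlines():
        if not rule.startswith("-A OUTPUT"):
            continue
        port = _redirect_port(rule)
        tcp = tcp or ("-p tcp" in rule and port == trans_port)
        dns = dns or ("-p udp" in rule and "--dport 53" in rule and port == dns_port)
        uid_exempt = uid_exempt or ("--uid-owner" in rule and rule.endswith("-j RETURN"))
    return {"tcp_to_tor": tcp, "dns_to_tor": dns, "tor_uid_exempt": uid_exempt,
            "ok": tcp and dns and uid_exempt}

def exit_ip_is_tor(body: str) -> bool:
    """Parse the JSON answer of https://check.torproject.org/api/ip."""
    return bool(json.loads(body).get("IsTor"))

if __name__ == "__main__":
    out = subprocess.run(["sudo", "iptables", "-t", "nat", "-S", "OUTPUT"],
                         capture_output=True, text=True, check=True).stdout
    print("iptables:", audit_nat_rules(out))
    with urllib.request.urlopen("https://check.torproject.org/api/ip", timeout=20) as r:
        print("exit IP is a Tor relay:", exit_ip_is_tor(r.read().decode()))
```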

Virtual private network or VPN using OpenVPN

A VPN, or virtual private network, is a private network that extends over the public network and encrypts all the data transmitted within it. A VPN makes every connection in the network more secure, because any data stolen from the wire is encrypted and cannot be deciphered.

Comparison of an internet connected computer with a VPN and without a VPN

Image Source – sucuri.net

It also routes user connections through a remote server, much like a Tor circuit, which makes it very hard to trace a connection back to its origin.

Other benefits of a VPN include accessing regional content that is restricted in your current location, scaling a network without additional infrastructure, and avoiding censorship in your country.

VPNs are especially useful when you send data over public networks or work networks that can be accessed by people other than yourself. Public networks refer to networks at public places such as coffee shops, libraries, restaurants etc.

Plenty of VPN software is available for this, much of it free. For more information on VPNs and on finding the one that suits your needs, check out our article Best VPN Services 2021.

The OpenVPN server user login page opened in a browser

Image Source – openvpn.net

In this article, I shall be looking mainly at the OpenVPN software, as it is quite popular and free, the latter being the more enticing feature. OpenVPN uses 256-bit AES encryption along with strong cyphers, which renders sniffing attacks useless. It can even run on port 443, so its traffic looks like a normal HTTPS connection.

Installing OpenVPN

To begin, open a terminal on your Linux machine with Ctrl+Alt+T and enter the following commands to update the package lists and installed packages,

  1. sudo apt-get update
  2. sudo apt-get upgrade

Next, to add the OpenVPN 3 repository and its signing key, enter the commands,

  1. sudo wget https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub
  2. sudo apt-key add openvpn-repo-pkg-key.pub
  3. sudo wget -O /etc/apt/sources.list.d/openvpn3.list https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$DISTRO.list

Replace $DISTRO with the up-to-date release name of the Linux distro you are using. Next, refresh the package index so that apt sees the new repository, and install the OpenVPN 3 package,

  1. sudo apt-get update
  2. sudo apt-get install openvpn3

Now that the OpenVPN software has been installed, we can proceed to start using the VPN to mask our online traffic.

Running OpenVPN

To run OpenVPN, you first need a configuration file for each server you intend to connect to. These are usually provided by the VPN service and can be downloaded from its link with the wget command in the Linux terminal.

Once the configuration file is downloaded, you can use the following command to run the OpenVPN process.

  1. openvpn3 session-start --config ${CONFIGURATION_PROFILE_NAME}

If in case you would like to view all the configuration profiles in the system, simply use the command,

  1. openvpn3 configs-list

Finally, if you need to stop or restart the VPN session, use the commands,

  1. openvpn3 session-manage --config ${CONFIGURATION_PROFILE_NAME} --disconnect
  2. openvpn3 session-manage --config ${CONFIGURATION_PROFILE_NAME} --restart

Stunnel as SSL/TLS wrapper

Stunnel is an open-source application used to encrypt data transfer between a client and a server machine. It adds SSL/TLS encryption to services that don’t support it natively. It uses public-key cryptography through the OpenSSL library, and authorised clients can be authenticated with a certificate.

Stunnel works by listening on a specified port for traffic. When data arrives on that port, stunnel wraps it in TLS and forwards it to the recipient it was originally meant for.

The stunnel connection between a client and a server

Image Source – docs.eggplantsoftware.com

Disclaimer:

Using stunnel requires a certificate for the stunnel server, signed by a certificate authority (CA). Self-signed certificates are viable, but only for testing and for private networks; any public or production network requires a certificate signed by a real CA.

Installing and configuring stunnel as a TLS wrapper

First, we need to make sure the Linux system we are using is up to date. As the root user, open a terminal with Ctrl+Alt+T and run the following commands.

  1. apt-get update
  2. apt-get upgrade

Next, we need to install the stunnel package. The rest of this section follows the Red Hat/CentOS layout (/etc/pki/tls/certs, /var/log/secure), where the command is,

  1. yum install stunnel

On Debian/Ubuntu the package is called stunnel4 (apt-get install stunnel4) and the certificate and log paths differ.

Next, you need a valid certificate signed by a certificate authority in order to use the stunnel service. If your intention is to use stunnel only for testing or in a private network (not at the workplace), you can simply use a self-signed certificate.

For our purpose, let’s see how to create a self-signed certificate for stunnel. Change to the directory /etc/pki/tls/certs/ and, as the root user, type the following command

  1. make stunnel.pem

You will now have to answer a few questions to complete the process. Once you have the certificate, you will need to create a configuration file for stunnel, and you can use /etc/stunnel/stunnel.conf for creating this configuration file.

The following content can be used to configure stunnel as a TLS wrapper:

  cert = /etc/pki/tls/certs/stunnel.pem
  ; Allow only TLS, thus avoiding SSL
  sslVersion = TLSv1
  chroot = /var/run/stunnel
  setuid = nobody
  setgid = nobody
  pid = /stunnel.pid
  socket = l:TCP_NODELAY=1
  socket = r:TCP_NODELAY=1
  [service_name]
  accept = port
  connect = port
  TIMEOUTclose = 0

  • cert — the path to the stunnel certificate (the PEM file created above, which also holds the private key)
  • sslVersion — the single SSL/TLS protocol version stunnel will speak. Note that TLSv1 is itself deprecated today; on current stunnel releases use sslVersionMin = TLSv1.2 instead, so that only TLS 1.2 and newer are accepted
  • chroot — the directory stunnel changes its root to when it runs
  • setuid, setgid — the user ID and group ID for the stunnel process; ‘nobody’ is a restricted system account
  • pid — where stunnel saves its process ID, relative to the chroot directory
  • socket — local (l:) and remote (r:) socket options
  • [service_name] — starts a service section; the options below it apply only to that service
  • accept — the port stunnel listens on for incoming connections
  • connect — the port (or host:port) stunnel forwards the traffic to, which is the port the wrapped service itself uses
  • TIMEOUTclose — seconds to wait for the close_notify alert from the client before closing the connection
  • options — OpenSSL library options (not used in the example above)

Once the configuration file is created, make sure the accept port specified in it is allowed through the system firewall, otherwise clients will not be able to reach stunnel.
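The configuration above is easy to get subtly wrong, so here is an added Python checker (not part of stunnel or of the article) that parses a stunnel.conf, including its header-less global section and repeated socket keys, and flags the settings a reviewer would question, such as the obsolete TLSv1 pin and a missing verify option. The [imaps] service with ports 993/143 is a constructed sample.

```python
import re

# Constructed sample: the article's stunnel.conf with placeholders filled in;
# the [imaps] service and its ports are assumptions for the demo, not the article's.
SAMPLE_CONF = """\
cert = /etc/pki/tls/certs/stunnel.pem
; Allow only TLS, thus avoiding SSL
sslVersion = TLSv1
chroot = /var/run/stunnel
setuid = nobody
setgid = nobody
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[imaps]
accept = 993
connect = 143
TIMEOUTclose = 0
"""

def parse_stunnel_conf(text: str) -> dict:
    """INI-like, but with a header-less global section and repeated keys such as
    'socket' (configparser chokes on both). Returns {section: {key: [values]}}."""
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank lines and comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            continue
        key, _, value = line.partition("=")
        conf.setdefault(section, {}).setdefault(key.strip(), []).append(value.strip())
    return conf

OBSOLETE_VERSIONS = {"all", "SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def audit(conf: dict) -> list:
    """Findings a reviewer would raise before running this config in production."""
    g, findings = conf[""], []
    for v in g.get("sslVersion", []):
        if v in OBSOLETE_VERSIONS:
            findings.append(f"sslVersion = {v} is obsolete; use sslVersionMin = TLSv1.2")
    for opt in ("chroot", "setuid", "setgid"):
        if opt not in g:
            findings.append(f"missing {opt}: stunnel keeps root privileges / host filesystem")
    for name, svc in conf.items():
        if name and not any(k in g or k in svc for k in ("verify", "verifyChain", "verifyPeer")):
            findings.append(f"[{name}] no verify option: peer certificates are not checked")
    return findings
```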

Running stunnel

Now that we’ve installed and configured stunnel as a TLS wrapper, we can run it and start encrypting the data sent between client and server. To start the stunnel service, log in as the root user, open a terminal and enter the command,

  1. stunnel /etc/stunnel/stunnel.conf

By default, the output of stunnel will be logged at /var/log/secure. To terminate or kill the stunnel service, use the command,

  1. kill `cat /var/run/stunnel/stunnel.pid`

Note that if you change the stunnel configuration file, you have to restart stunnel entirely for the changes to take effect.

Conclusion

Even though it might look secure, traffic sent over a network is quite vulnerable to various attacks, such as the sniffing attack. Once a hacker captures the packets, they can read the data being sent and misuse it for their own gain.

Traffic encryption exists to prevent exactly this, and in this article we explored the concept in detail on the Linux operating system. We looked at the need for traffic encryption and went on to explore 3 different methods, namely Tor, a VPN and stunnel, that can be used to encrypt traffic.

I hope you enjoyed reading this article, and if so, please consider leaving a comment below. There are many more ways of encrypting traffic data, and if you’d like us to do more articles on those methods, let us know!

Author
Rakesh Naik
Freelance Cyber Security Analyst and Writer practicing in Infosec Assessment.
