April Fools Pranks with a Squid Proxy Server

20 minutes

Introduction

Note: This guide was tested using Ubuntu Server 14.04.4 LTS.

This is a HowTo for setting up Upside-Down-Ternet on Ubuntu. Basically, when a user browses the web, all the images are flipped upside-down. While it’s not useful, it’s quite a good April Fool’s prank.

The process uses a transparent proxy, web server, and script to flip the images. Web traffic is routed to the proxy, instead of the default gateway, which is intercepted by the proxy which then downloads and modifies the images and then serves them back to the client browser.

Setting up the Proxy

The proxy used in this guide is Squid v3.3.8. The IP of this server is 192.168.113.253.

Installation

sudo apt-get install squid

Configuration

Edit the configuration file located in /etc/squid3/squid.conf.

# HTTP Proxy
# http_port 3128
http_port 3128 accel vhost allow-direct

acl lan src 192.168.113.0/24
http_access allow lan

# Cache
cache_mem 1000
cache_dir ufs /var/spool/squid3 1000 16 256

# Logs
access_log /var/log/squid3/access.log squid
cache_store_log /var/log/squid3/store.log
cache_log /var/log/squid3/cache.log

# Funny Program
redirect_program /etc/squid3/april-fool.pl
redirect_rewrites_host_header off
redirect_children 200

Setting up the Web Server

In this section, Nginx will be installed on your computer. You can install Apache if you’d like to.

Installation

sudo apt-get install nginx

Configuration

As the Squid runs with the user proxy. So Nginx should also run with the same user in order to serve the images. So we need to change the first line in the file located in /etc/nginx/nginx.conf.

user proxy

As Nginx is going to provide modified images, a directory where those images are stored needs to be created. Create a directory where the images are to be stored and set the correct directory permissions:

sudo mkdir /usr/share/nginx/html/april-fool
sudo chown proxy:proxy /usr/share/nginx/html/april-fool
sudo chmod 775/usr/share/nginx/html/april-fool

Restart Nginx after you complete the steps above.

Image Script

Install libwww-perl and imagemagick with the following command:

sudo apt-get install libwww-perl imagemagick

Create and edit a file called ‘april-fool.pl’ in /etc/squid3. Paste the following:

#!/usr/bin/perl
########################################################################
# flipImages.pl        --- Squid Script (Flips images vertical)        #
# g0tmi1k 2011-03-25   --- Original Idea: http://www.ex-parrot.com/pete#
########################################################################
# Note ~ Requires ImageMagick                                          #
#    sudo apt-get -y install imagemagick                               #
########################################################################
use IO::Handle;
use LWP::Simple;
use POSIX strftime;

$$debug = 0;                                       # Debug mode - create log file
$$ourIP = "192.168.113.253";                       # Our IP address
$$baseDir = "/usr/share/nginx/html/april-fool";    # Needs be writable by 'proxy'
$$baseURL = "http://".$ourIP."/april-fool";        # Location on websever
$$mogrify = "/usr/bin/mogrify";                    # Path to mogrify

$$|=1;
$$flip = 0;
$$count = 0;
$$pid = $$;

if ($debug == 1) { open (DEBUG, '>>/tmp/flipImages-debug.log'); }
autoflush DEBUG 1;

print DEBUG "########################################################################\n";
print DEBUG strftime ("%d%b%Y-%H:%M:%S\t Server: $baseURL/\n",localtime(time()));
print DEBUG "########################################################################\n";
while (<>) {
   chomp $_;
   if ($_ =~ /(.*\.(gif|png|bmp|tiff|ico|jpg|jpeg))/i) {                         # Image format(s)
      $url = $1;                                                                 # Get URL
      if ($debug == 1) { print DEBUG "Input: $url\n"; }                          # Let the user know

      $ext = ($url =~ m/([^.]+)$/)[0];                                           # Get the file extension
      $file = "$baseDir/$pid-$count.$ext";                                       # Set filename + path (Local)
      $filename = "$pid-$count.$ext";                                            # Set filename        (Remote)

      getstore($url,$file);                                                      # Save image
      system("chmod", "a+r", "$file");                                           # Allow access to the file
      if ($debug == 1) { print DEBUG "Fetched image: $file\n"; }                 # Let the user know

      $flip = 1;                                                                 # We need to do something with the image
   } else {                                                                      # Everything not a image
      print "$_\n";                                                              # Just let it go
      if ($debug == 1) { print DEBUG "Pass: $_\n"; }                             # Let the user know
   }

   if ($flip == 1) {                                                             # Do we need to do something?
      system("$mogrify", "-flip", "$file");
      system("chmod", "a+r", "$file");
      if ($debug == 1) { print DEBUG "Flipped: $file\n"; }

      print "$baseURL/$filename\n";
      if ($debug == 1) { print DEBUG "Output: $baseURL/$filename, From: $url\n"; }
   }
   $flip = 0;
   $count++;
}

close (DEBUG);

Within the script, change 192.168.113.253 to your IP address.

Change the scripts file permissions:

sudo chmod 755 /etc/squid3/april-fool.pl

After editing this file, restart the Squid server with the following command:

sudo service squid3 restart

Networking Setup

Run the following commands to turn your computer into a gateway and redirect traffic to the proxy:

#delete all rules
sudo iptables -F
sudo iptables -t nat -F
sudo iptables -t mangle -F
sudo iptables -X

# Enable routing.
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

# Masquerade.
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

# Transparent proxying
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

Setup the Route Running OpenWRT

This router is in the subnet 192.168.1.0/24, having an IP 192.168.113.x. What we need to do in this section is to redirect all HTTP traffic to the Squid server. So we need to set up iptables in this router.

The router is running OpenWrt Chaos Calmer 15.05.1.

First, log in to the router with the SSH command:

ssh root@192.168.1.1

Then, set up traffic redirection:

sysctl -w net.ipv4.ip_forward=1

After that, add the following rules to /etc/firewall.user:

iptables -t nat -A PREROUTING -i br-lan -p tcp --src 192.168.1.0/24 --dport 80 -j DNAT --to 192.168.113.253:3128

Finally, restart the firewall on the router:

/etc/init.d/firewall restart

That’s it, you’re done, enjoy. Here’s the screenshot XD.

Cleaning Up

You will end up with a lot of images in your /usr/share/nginx/html/april-fool directory. Simply add this to your /etc/crontab file:

*/10 * * * * proxy rm /usr/share/nginx/html/april-fool/*

This will clear the /usr/share/nginx/html/april-fool/ directory every 10 minutes.

Reference

The Disqus comment system is loading ...
If the message does not appear, please check your Disqus configuration.

Search
Recent Projects
Recent Posts
Categories
Tags
Who is visiting?