Hi,
I would like to be able to realize MitM attacks between two LAN devices (not WAN/LAN) from the Omnia, using for example mitmproxy.
This post is very similar to a previous one I made here, but this time I actually want to intercept the traffic on the Omnia.
This is the situation:
- The WAN interface is connected and configured to provide Internet access to the LAN devices
- The two LAN devices are connected to two of the LAN ports
So far, by simply running tcpdump on the Omnia, the only packets I am able to see are the one that are adressed to, or coming from the Omnia itself and not any direct communication between the two lan devices.
After some research, this seems to make sense, as from what I have seen in the documentation, every lan port is connected to the switch-chip and not directly to a ethx (CPU) interface. I suppose the packets are being switched before getting to any ethx (CPU) interface.
I figured one way to intercept the packets is to link one LAN port to the eth0 CPU interface and link the other LAN port to the eth1 CPU interface. This way the SoC would have to do the routing and thus, would have access to the packets.
However, as mentioned in this issue (Omnia, kernel 5.15: All switch ports use the same CPU port (#363) · Issues · Turris / Turris OS / Turris Build · GitLab), it seems that multi-CPU DSA is not implemented in the 5.15 kernel used in Turris OS 7.
So far, I tried to install the latest snapshot of OpenWRT which is using a 6.6 kernel (with multi-CPU DSA) but it seems that the switch driver (mv88e6xxx) still does not implement changing the CPU interface associated with the switch port, as when trying to link the lan3 port to the eth0 CPU interface I get the following :
root@OpenWRT:~# ip link set lan3 type dsa conduit eth0
Error: dsa_core: Driver does not support changing DSA master.
So my question is: Does someone knows a way to intercept direct communication of the two LAN devices from the Omnia? Either by using the eth0 and eth1 interfaces or any other way?
Thanks in advance.