Arpit Oberoi
5 min read · Jul 21, 2018

Cyberoam BOT

Pole Vaulting Firewalls (Part 1)

You’re reading this on an electronic device which has probably been behind a firewall whether you knew it or not.

The ones you would know about are generally used in public hubs where a lot of people are going to connect to one network. Airports, Starbucks and, the focus of this article, college dorms.

This is the story of a first year student, who recently started college and moved into the college dorms like many other kids who wanted (or were forced) to become an engineer.

My college network had a firewall named ‘Cyberoam’. It was used to restrict internet access for the people on the network and had various options like blocking certain types of content, restricting bandwidth per user, etc.

Content filtering was courtesy of a thing called Deep Packet Inspection (DPI) and is actually easy to bypass. Story for another time.

YouTube only worked after college hours, each student got credentials, and each user was capped at 1GB per day. You connect to the network, get redirected to their gateway website where you log in with your credentials, and get internet access unless you stop sending those keepalives (close that tab). In this bandwidth problem also lay my solution.

Solution: MAKE FRIENDS. Simple as that. Talk to people.

I talked to daily commuters who were not going to use credentials after classes anyway.

So this went on for a couple of months. I was learning (again) C++ and C and was getting pretty good with syntax at least, so I started to learn Java because it was the typical B.Tech ladder C >> C++ >> Java. Talked to a few seniors and climbed it.

After going through thenewboston tutorials and making those ‘animal’ ‘cat’ ‘dog’ classes and learning OOPS, I started meddling with stuff.

In these 7–8 months, things got tiring as I got more and more credentials for accounts. At one point, I had 27 accounts and was downloading 20GB per day.

Why 20? Because I cannot change accounts day and night; I had JWTs and SWINGs to design for my keylogger (embarrassingly noob, I know).

But what if someone else could do it for me?

So I searched for mouse and keyboard emulators and how to make them in Java.

Java had a class called robot.java (the `java.awt.Robot` class) which allowed you to move the mouse to pixels using coordinates, left click, right click and send out keystrokes.

Tips for people trying this out:

  1. The way the clicking works is that you have to press the button, wait a few milliseconds and then release it for the browser or the system to register it as a click.
  2. Do not pull your hair when you can’t type out a string properly. The problem is that the characters might not go in the desired order. The solution is to iterate character by character and put a few milliseconds of latency between keystrokes.
  3. Now unless you’re typing out hello worlds or haven’t read the documentation, you’re finding something like THIS. You’re welcome.

After getting rid of those problems, I moved my mouse to where the username input was in the browser, clicked inside, typed the username, one character at a time, moved down to the password and repeated this process. Moved to the login button and clicked on it and voila, my first STUPID BOT.

Problem solved? NOPE

How does your STUPID BOT detect if it got internet access or not?

First approach would be to ping Google or something like that, but the quality of the network in college dorms isn’t ideal for deciding something. 1 GB is a big amount to lose if you only have 27GB and the Game of Thrones season 1–3 1080p pack is 186GB.

So when you run out of 1GB data, the website gateway for Cyberoam shows you a message along the lines of “Your data limit has exceeded.”

So I updated the bot to start with logging in with an account and check the message by clicking at the coordinates where the message started, not releasing the click and moving to the coordinates where the message ended, i.e. making a mouse drag movement. Then the bot sent Ctrl+C keystrokes to copy, and read the clipboard to detect if the account was authorised or not.

Keep in mind, at this point it is just a first year student’s attempt with no knowledge of web requests, sessions, etc. All I knew was the login procedure and a basic understanding of robot.java that I needed to automate this procedure.

So control went like this: if it is authorised, keep checking the message; if not, pop another username and password from the stack and repeat.

I used a stack because I was learning about data structures in Java at that time.

Furthermore, I created a MySQL DB with 27 accounts, and reset and loaded the stack with usernames and passwords from the DB at 12:35, when the account bandwidth was reset, and there you go, all automatic.

One problem though: the machine is useless once the bot is started, because it takes control of the mouse and keyboard from you every minute.

Solution: create a virtual machine, NAT it with the host instead of bridging it and getting it its own IP on the network, run the bot on the VM and trade off 1 GB of RAM for automated downloading. How that works is that the machines are essentially sharing a session, the session that the host makes. The host acts as a NAT router for the VM and the VM uses the connection. When the host logs in, the internet access is active; similarly, if the VM logs in, the internet connection gets activated for the shared connection.

I used the VirtualBox hypervisor to create and use the virtual machine and went with Windows 7 inside the virtual machine to conserve RAM, because the bot was a very small application and did not need many resources.
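Seen from the gateway's side, the setup above leaves a recognisable trace: because the VM sits behind the host's NAT, every login arrives from one client address, and that address switches to a different account moments after each quota cut-off. The following is an added example, not code from the original post, that flags this pattern; the log format, event names and thresholds are assumptions for illustration and do not reflect Cyberoam's actual log layout.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, assumed format: timestamp client_ip username event
SAMPLE_LOG = """\
2018-03-01T13:00:05 10.10.4.23 student014 LOGIN_OK
2018-03-01T14:10:40 10.10.4.23 student014 QUOTA_EXCEEDED
2018-03-01T14:11:02 10.10.4.23 student087 LOGIN_OK
2018-03-01T15:20:15 10.10.4.23 student087 QUOTA_EXCEEDED
2018-03-01T15:20:58 10.10.4.23 student102 LOGIN_OK
2018-03-01T16:31:30 10.10.4.23 student102 QUOTA_EXCEEDED
2018-03-01T16:32:01 10.10.4.23 student155 LOGIN_OK
2018-03-01T13:05:00 10.10.7.9 student200 LOGIN_OK
2018-03-01T18:40:00 10.10.7.9 student200 QUOTA_EXCEEDED
2018-03-01T21:15:00 10.10.7.9 student201 LOGIN_OK
"""

def parse(log_text):
    """Return (timestamp, client_ip, username, event) tuples sorted by time."""
    rows = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, ip, user, event = parts
        rows.append((datetime.fromisoformat(ts), ip, user, event))
    return sorted(rows)

def find_account_rotation(log_text, min_accounts=3, min_handoffs=2,
                          handoff=timedelta(minutes=2)):
    """Flag clients using many accounts per calendar day with quick post-quota switches."""
    accounts = defaultdict(set)   # (date, ip) -> usernames that logged in
    handoffs = defaultdict(int)   # (date, ip) -> switches right after a cut-off
    last_cutoff = {}              # ip -> (time, username) of latest QUOTA_EXCEEDED
    for ts, ip, user, event in parse(log_text):
        key = (ts.date(), ip)
        if event == "QUOTA_EXCEEDED":
            last_cutoff[ip] = (ts, user)
        elif event == "LOGIN_OK":
            accounts[key].add(user)
            cut = last_cutoff.get(ip)
            if cut and cut[1] != user and ts - cut[0] <= handoff:
                handoffs[key] += 1
    return {
        key: {"accounts": sorted(users), "handoffs": handoffs[key]}
        for key, users in accounts.items()
        if len(users) >= min_accounts and handoffs[key] >= min_handoffs
    }
```

In the constructed sample, the second client also uses two accounts, but hours apart, which is why the check combines the account count with the handoff timing rather than relying on either alone.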

One year into this place, I was still struggling to find a decent-quality connection to play online games, but bandwidth for downloading tasks 24/7 was not an issue anymore.

All was fine but then everything changed * dramatic thunderstorm soundtrack *, including the firewall.

Spoiler alert: I learnt Python and web requests, sessions and a whole lot more for the new challenge in second year.

Story for another time.
