Introduction: What is Packet Squirrel?
The Packet Squirrel is a nifty little pocket-sized MiTM multi-tool that simplifies Ethernet exploits, provides remote access, VPN based secure connections, packet captures and all that with a simple and easy to use physical button on its side.
If your boss, for the sake of arguments, asks you “Just how secure are we exactly?”, all you need to do is to take this bad boy out of your pocket, connect it to the network, literally flip one switch on its side and show him exactly how deep the rabbit hole goes. It really can’t be any easier than this.
Packet Squirrel: Nuts For Networks [features, hardware, design]
Beside Bash Bunny and WiFi Pineapple amalgamation, Packet Squirrel is a “must have” tool for all sysadmins, pentesters and those who are interested in networking. The beauty of this device is that it’s really, really small. It weighs about 24g, with a smooth black surface and a switch on the side, which you’ll primarily be using when picking between payloads.
Features:
- It can last almost one week on a battery bank (takes 100mA to run) or 0.12A via USB cable.
- Payload customization for scripts written in
Python
,bash
orPHP
in any standard text editor. - As stealthy as you’d expect a tiny man-in-the-middle device to be.
- Configurable LED light for different states.
- Incredibly easy to use console via Linux
SSH
orSCP
as well as Windows support viapuTTY
orwinSCP
. - Packet dump and logs to external memory for later analysis via Wireshark.
Design and Hardware:
- Very small device (Dimensions: 50x40x15mm)
- On top is a configurable LED light indicator to tell you what the squirrel is doing.
- Two
RJ45
Ethernet ports one on each side,micro USB
for power andUSB 2.0
port for storing logs or firmware updates. - Payload Selection and Arming Mode switch
- Lastly a tiny configurable push button to turn off packet capture, which can be incredibly useful if you want to avoid log file corruption.
How it works?
The idea is pretty straightforward. Any data that passes through can be subjected to a myriad of different payloads. The user connects it to a network through Ethernet, configures the desired payloads and sets the switch on the side as needed. The three already included payloads are:
TCP dump
Gathers whatever data passes through the network by grabbing the packets and dumping them into a USB flash drive, which needs to be formatted for NTFS or EXT4. (yummy credentials)
DNS spoof
Permits you to pick any domain you want and redirect any device connected to the squirrel to another IP address, which attempts to connect to that domain.
OpenVPN
Provides remote access/client tunneling. Allows you to secure a network or tunnel within it. Keep in mind that openVPN’s and DNS spoof’s default settings need to be configured by the user.
The 4-way switch allows you to use 3 different payloads and each with their own switch. The last switch position is the arming mode which grants you the access via SSH to the console. From there, you can create/set your own payload written in Python
/ Bash
or PHP
and customize the packet squirrel as you wish.
In this article we won’t go into details about the different kinds of scripts that you can put in it, nor what you can do with them, because sky’s the limit. It all comes down to your creative shenanigans as long as you understand the very basics of networking (or at least how to use WireShark).
Conclusion
If you’re a privacy concerned consumer who is looking for an openVPN client built into a tiny device, or a sysadmin and penetration tester who want to simplify packet transfer or remote access, this is definitely your go-to device. It’s a very simple yet really clever multi-tool. The price is about $60.
The only downside that we can see is the possible need of a power bank. You might not be able to find a power source while you’re dangling upside down from a harness on that high security site you’re penetrating. Otherwise do your self a favor and get this little beauty, you’ll thank us for it.