Step 1
Install OS :
Install the latest version of Raspbian on your SD card.

Step 2
Configure both wlan :
Configure /etc/network/interfaces to use wlan0 as a DHCP client and wlan1 with a fixed IP address:
auto lo wlan0 wlan1
iface lo inet loopback

iface wlan0 inet dhcp
    wpa-ssid "Your Network SSID"
    wpa-psk "Your Password"

iface wlan1 inet static
    address 192.168.74.1
    netmask 255.255.255.0
Then restart wlan0 to get internet access:
sudo ifdown wlan0
sudo ifup wlan0

Step 3
Configure DHCP server :
Install isc-dhcp-server :
sudo apt-get install isc-dhcp-server
Then configure isc-dhcp-server
sudo vim /etc/dhcp/dhcpd.conf
And change the following lines :
# uncomment this line
authoritative;

# add these lines
subnet 192.168.74.0 netmask 255.255.255.0 {
    range 192.168.74.10 192.168.74.250;
    option broadcast-address 192.168.74.255;
    option routers 192.168.74.1;
    option domain-name "local";
    option domain-name-servers 8.8.8.8, 8.8.4.4;
}
Then make dhcp server listen to wlan1 :
sudo vim /etc/default/isc-dhcp-server
And update that line :
INTERFACES="wlan1"
And restart the service
sudo systemctl restart isc-dhcp-server.service
And check service via
sudo systemctl status isc-dhcp-server.service

Step 4
Configure wlan1 as Access Point :
sudo apt-get install hostapd
Then create configuration file
cd /etc/hostapd/
sudo cp /usr/share/doc/hostapd/examples/hostapd.conf.gz .
sudo gunzip ./hostapd.conf.gz
And change the following lines :
interface=wlan1
# note that the driver depends on your wifi dongle
driver=rtl871xdrv
bridge=br0
ssid=changeme
channel=3
auth_algs=1
macaddr_acl=0
wpa=2
wpa_passphrase=changeme
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
To launch it at boot, you need to edit the configuration :
sudo vim /etc/default/hostapd
And change :
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Then launch the service via :
sudo systemctl restart hostapd.service
And check service via :
sudo systemctl status hostapd.service
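Mistakes in hostapd.conf are easy to miss: hostapd only treats lines that start with # as comments, and the example file is edited by hand with placeholder credentials. The lint script below is an added example, not part of the original project; GUIDE_KEYS, SAMPLE and lint_hostapd are names chosen here, and the key list covers only the settings this guide changes.

```python
# Keys this guide sets in hostapd.conf; any other key is reported as a possible typo.
GUIDE_KEYS = {"interface", "driver", "bridge", "ssid", "channel", "auth_algs",
              "macaddr_acl", "wpa", "wpa_passphrase", "wpa_key_mgmt",
              "wpa_pairwise", "rsn_pairwise"}

# Constructed sample with the kind of mistakes that are easy to make by hand.
SAMPLE = """\
interace=wlan1
driver=rtl871xdrv # depends on your dongle
ssid=changeme
wpa=2
wpa_passphrase=changeme
rsn_pairwise=CCMP
"""

def lint_hostapd(text):
    """Return [(line_number, message)] for a hostapd.conf body."""
    findings, conf = [], {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # hostapd skips blank lines and lines starting with '#'
        key, sep, value = line.partition("=")
        if not sep or key not in GUIDE_KEYS:
            findings.append((n, f"unknown or malformed key {key!r} (typo?)"))
        # No inline comments in hostapd.conf: '#...' becomes part of the value.
        if "#" in value and key not in ("ssid", "wpa_passphrase"):
            findings.append((n, f"trailing comment is read as part of {key!r}"))
        conf[key] = (n, value)
    for key in ("ssid", "wpa_passphrase"):
        if conf.get(key, (0, ""))[1] == "changeme":
            findings.append((conf[key][0], f"{key} still has the placeholder value"))
    n, psk = conf.get("wpa_passphrase", (0, None))
    if psk is not None and not 8 <= len(psk) <= 63:
        findings.append((n, "wpa_passphrase must be 8 to 63 characters"))
    n, wpa = conf.get("wpa", (0, "0"))
    mode = int(wpa) if wpa.isdigit() else 0  # bit 0 = WPA (v1), bit 1 = WPA2
    if mode == 0:
        findings.append((n, "wpa is 0 or unset: no WPA/WPA2 protection"))
    if mode & 1:
        findings.append((n, "wpa enables WPA (v1); use wpa=2"))
    n, ciphers = conf.get("rsn_pairwise", conf.get("wpa_pairwise", (0, "TKIP")))
    if mode & 2 and "TKIP" in ciphers.split():
        findings.append((n, "TKIP offered for WPA2; set rsn_pairwise=CCMP"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_hostapd(SAMPLE):
        print(f"line {n}: {msg}")
```

A finding with line number 0 refers to a setting that is missing from the file and therefore falls back to its default.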
Note: if you’re using the Edimax dongle with the rtl871xdrv driver like me, you’ll need to patch hostapd as explained here : https://github.com/pritambaral/hostapd-rtl871xdrv
Here are the steps to make it work with that dongle.
First, get pritambaral patch :
cd /home/pi/
git clone https://github.com/pritambaral/hostapd-rtl871xdrv.git
Then, add sources repository to raspbian :
sudo vim /etc/apt/sources.list
And uncomment the line beginning with #deb-src.
Refresh the list and get the hostapd sources :
sudo apt-get update
cd /home/pi
apt-get source hostapd
We’ll also need some dependencies :
sudo apt-get install libnl-dev libssl-dev
Then apply the patch :
cd wpa-2.3
patch -Np1 -i /home/pi/hostapd-rtl871xdrv/rtl871xdrv.patch
And add realtek driver to hostapd config
cd hostapd
cp defconfig .config
echo CONFIG_DRIVER_RTW=y >> .config
Then compile hostapd :
make
And replace package :
sudo chown root:root hostapd hostapd_cli
sudo chmod 755 hostapd hostapd_cli
sudo mv hostapd hostapd_cli /usr/sbin
And restart service :
sudo systemctl restart hostapd.service
sudo systemctl status hostapd.service

Step 5
Redirect traffic from wlan1 to wlan0 :
Execute the following lines :
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
sudo iptables -A FORWARD -i wlan0 -o wlan1 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan1 -o wlan0 -j ACCEPT
sudo sh -c "iptables-save > /etc/iptables.up.rules"
You’ll need to reload iptables rules at boot by adding that script to rc.local :
sudo vim /etc/network/interfaces
and add :
up iptables-restore < /etc/iptables.up.rules
And edit sysctl to persist ip forwarding :
sudo vim /etc/sysctl.conf
And add :
net.ipv4.ip_forward = 1
By now, your Raspberry Pi should work as a basic gateway.

Step 6
Install and configure MITM proxy :
sudo apt-get install python-pip python-dev libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev
sudo pip install mitmproxy
Create the payload :
cd /home/pi
wget https://gist.githubusercontent.com/paulgreg/e3c80ea35c96a62d4bd0/raw/3bf5183fb1c2f1617839ff977ba8045168b60ec2/unicorn.py
Change rules to act as a transparent proxy :
sudo vim /etc/iptables.up.rules
Replace all rules with these :
*filter
:INPUT ACCEPT [191:79895]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [224:45790]
-A FORWARD -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan1 -o wlan0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [10:625]
:INPUT ACCEPT [8:480]
:OUTPUT ACCEPT [14:833]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
Then start mitmproxy :
mitmproxy -T --host
You should see traffic passing by. If that’s ok, start mitmdump :
/usr/local/bin/mitmdump -T -s /home/pi/unicorn.py
You can then connect to any HTTP website and it should add random unicorns on each visited page.
To intercept HTTPS traffic, first visit http://mitm.it from the device and install the certificate authority (check the first checkbox when importing the certificate). After that, some HTTPS traffic can be intercepted.
If satisfied, run that at boot
sudo vim /etc/rc.local
And add this line before exit 0 :
/usr/local/bin/mitmdump -T -s /home/pi/unicorn.py &
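Before leaving the proxy running at boot, it helps to review exactly what /etc/iptables.up.rules diverts and what it leaves open. The audit script below is an added example, not part of the original project; parse_rules, opt and audit are names chosen here, and RULES is a shortened copy of the ruleset above.

```python
import shlex

# Shortened copy of this step's ruleset, packet counters zeroed.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan1 -o wlan0 -j ACCEPT
COMMIT
*nat
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -i wlan1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
"""

def parse_rules(text):
    """iptables-save text -> {table: {"policy": {chain: policy}, "rules": [tokens]}}"""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif cur is not None and line.startswith("-A "):
            cur["rules"].append(shlex.split(line))
    return tables

def opt(tokens, flag):  # value that follows `flag` in a tokenized rule, or None
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(text):
    """Return (redirects, warnings); a redirect is (in_iface, dport, proxy_port)."""
    tables = parse_rules(text)
    nat = tables.get("nat", {"rules": []})
    filt = tables.get("filter", {"policy": {}, "rules": []})
    redirects = [(opt(r, "-i"), int(opt(r, "--dport")), int(opt(r, "--to-ports")))
                 for r in nat["rules"]
                 if opt(r, "-j") == "REDIRECT" and opt(r, "--dport") and opt(r, "--to-ports")]
    warnings = [f"{i}: tcp/{d} is diverted to local port {p}" for i, d, p in redirects]
    if (redirects and filt["policy"].get("INPUT") == "ACCEPT"
            and not any(r[1] == "INPUT" for r in filt["rules"])):
        warnings.append("no INPUT rule limits the proxy port to the AP interface")
    if filt["policy"].get("FORWARD") == "ACCEPT":
        warnings.append("FORWARD policy is ACCEPT, so the FORWARD rules restrict nothing")
    return redirects, warnings

if __name__ == "__main__":
    print("\n".join(audit(RULES)[1]))
```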

Step 7
Optionally, you can connect a small TFT screen :
Configure the screen as described in the project Retropie with a 2.2" LCD screen.

Step 8
Optionally, set a hardware button to turn the Pi off :
Solder a button (you can use GPIO 23 on Pi 2) and get the script shutdown.py.
Then add an entry in crontab :
sudo crontab -e
@reboot sudo python /home/pi/shutdown.py

Step 9
Prevent the wifi dongle from sleeping :
As explained on that blog, edit /etc/modprobe.d/8192cu.conf :
sudo vim /etc/modprobe.d/8192cu.conf
and add :
# Disable power management
options 8192cu rtw_power_mgnt=0 rtw_enusbss=0
to prevent the wifi dongle from entering sleep mode.
Discussions
it's not /etc/network/interface, it's /etc/network/interfaces (s in the end)