This article will cover two things: WiFi deauther and WiFi phishing.
ESP8266 WiFi module: There are many of these online, and this one has a baseboard with a Micro USB interface.

WiFi deauther
Scan WiFi devices, block selected connections, create dozens of networks, and confuse WiFi scanners!
Github: https://github.com/spacehuhn/esp8266_deauther
First, you need to download the source code for flashing
Source code release page on Github: https://github.com/spacehuhn/esp8266_deauther/releases
You can use the NodeMCU tool for flashing, or you can use the Arduino IDE tool for compiling and uploading
Here I will demonstrate the methods for uploading with both tools
NodeMCU Github: https://github.com/nodemcu/nodemcu-flasher
32-bit and 64-bit builds are available, both for Windows
Then connect the ESP8266 with a data cable and check the port
For example, in Win7, right-click on Computer, select Manage, find Device Manager, expand Ports, and you will see the port connected to the ESP8266.
Here it is COM3, but your port may not be COM3

If you only see COM1 and do not see the port connected to the ESP8266, it is because you are missing a driver, and you must install the driver. If it still doesn’t work after installing, you can try changing the data cable, as some data cables, especially those that come with phones, do not support data transmission and only support charging.
The installation of the driver depends on the chip of your device
Common chips: CH340 and CP2102. You can check your ESP8266; generally, the CH340 chip is rectangular, and the CP2102 is square. Of course, it is also labeled, so you can check it yourself.

(CH340)

(CP2102)
Generally, the CH340 chip is used
Download page: https://sparks.gogo.co.nz/ch340.html
If you download the CH340 driver, you need to pay attention to the following content:
If you are a Mac user and your system is OSX Sierra (10.12), you need to pay attention when installing. If you directly download the driver provided on this page instead of the one provided by users, it may cause crashes. When you plug in your ESP8266 device, it will crash your Mac. The solution is to delete it.
- Open Terminal and enter: cd /Library/Extensions/
- Verify if the .kext file exists: ls | grep usbserial.kext
- The output should be: usbserial.kext
- Then enter: sudo rm -R usbserial.kext
- Verify that the .kext file has been deleted: ls | grep usbserial.kext
- The output should be empty.
- You should delete the files stored in the receipts folder: cd /private/var/db/receipts/
- Find entries: ls | grep usbserial*
- The output should be: codebender.cc.ch34xinstaller.usbserial.pkg.bom and codebender.cc.ch34xinstaller.usbserial.pkg.plist
- Delete each file in the above list: sudo rm -r filename
Then restart to solve the crash, and download the driver provided by users. The original author also mentioned that the driver provided by users has not been tested, but I tested it, and the result is that it can connect. However, if you are a student using China Telecom and connect to the internet using Chuangyi software, this issue will give you a headache, as it will disconnect automatically every few seconds or sometimes even more than ten seconds, and you need to reconnect, which is very troublesome. Of course, the solution is the same as listed above, delete the driver you just installed. Considering compatibility issues, if necessary, you can install a virtual machine; I used VMware Fusion to install Windows on Mac.
Okay, if you are connected, continue. If not, please check again carefully.
Open NodeMCU, select the COM3 port under Operation, then click Config to load the firmware you just downloaded

Keep the 0x00000 unchanged, then click Advanced, set Baudrate to 9600, Flash size to 1Mbyte
Q: Why set Baudrate to 9600?
A: You can check the back of your ESP8266; it is written there

The Bin I just downloaded is 1Mbyte, so I set Flash size to 1Mbyte, then go back to Operation, click Flash to start flashing. It is a bit slow, and you can see the progress bar in the software and the ESP8266 flashing continuously

After flashing, a green label will appear in the lower left corner, indicating that the flashing was successful.

Then reconnect the ESP8266
Then you will see a WiFi named: pwned, which is the WiFi generated by the program we flashed, with the password: deauther
Then connect your computer
Enter the address 192.168.4.1, and you will see the program’s Web page.
Author’s note: Warning
This project is a proof of concept for testing and educational purposes. The ESP8266 and its SDK are not designed or built for this purpose. Errors may occur!
Only for your own networks and devices!
It uses valid Wi-Fi frames described in the IEEE 802.11 standard and will not block or disrupt any frequencies. Please check the laws and regulations in your country/region before using.
Please do not refer to this project as a “jammer”; it completely undermines the true purpose of this project! If you do, it only proves that you do not understand what this project represents. Posting content about this without the correct explanation indicates that you are only posting for clicks, fame, and/or money, and do not respect intellectual property, the community behind it, and the pursuit of better WiFi standards.
This is also what I want to express; I wrote this article just to share the knowledge points and pitfalls I encountered during the production process and not to teach you how to attack others. Using knowledge well is important.
I downloaded the latest version; many tutorials online are for earlier versions, some are localized versions, and some are not, but the latest version now supports Chinese.
From the author’s update version description:
Supported Web interface languages:
- cn Chinese
- cs Czech
- de German
- EN English
- fr French
- it Italian
- RO Romanian
- ru Russian
- tlh Klingon
Please note that the 512KB version does not include the MAC vendor list, only the English file for the Web interface.
How to set it up?
First, go to the Settings function, find the LANG option, change en to cn, and then slide down to save

This will be the Chinese interface

When you click on Scan AP, you need to click the refresh button to see the scan results

Then tick the checkbox next to the entry and click Attack to launch the deauthentication attack
What is a deauthentication attack?
A de-authentication flood attack is a form of denial-of-service attack on wireless networks. It aims to force a client into an unassociated/unauthenticated state by sending spoofed de-authentication frames that appear to come from the AP to the client's unicast address.
The difference between a jammer and a deauther is that here you can also forge a large number of WiFi networks on the SSID page, with either random or fixed network names

Then go to the Attack section and select the Beacon attack, which is the second option. Your WiFi list will then show the many fake networks you just forged

Summary of functions
DEAUTH
Disconnects WiFi devices by sending de-authentication frames to the access point and client device you selected.
This is only possible because many devices do not use the 802.11w-2009 standard, which provides protection against this attack.
Please select only one target! When you select multiple targets that run on different channels and start the attack, it will switch quickly between these channels, and you will not be able to reconnect to the access point hosting this Web interface.
Beacon
Beacon frames are used to announce access points. By continuously sending beacon packets, it looks like you have created a new WiFi network.
You can specify the network name under SSID.
Probe
Client devices send probe requests to ask if there are known networks nearby.
Use this attack to confuse WiFi trackers by inquiring about the networks specified in your SSID list.
Your home network is unlikely to be affected by this attack.
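From the defender's side, the DEAUTH and Beacon functions summarized above both leave a clear trace in a monitor-mode capture. The Python below is an added example, not code from the deauther project or the original article: it parses 802.11 management headers and flags deauthentication floods and beacon floods. The thresholds, function names and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter, defaultdict
DEAUTH, BEACON = 12, 8   # management-frame subtypes (frame type 0)

def parse_mgmt(frame: bytes):
    """Return (subtype, dst, src, bssid) for a management frame, else None."""
    if len(frame) < 24:                      # 24-byte 802.11 MAC header
        return None
    fc = struct.unpack_from("<H", frame)[0]  # frame control, little-endian
    if (fc >> 2) & 0x3 != 0:                 # bits 2-3: type, 0 = management
        return None
    addr = lambda off: frame[off:off + 6].hex(":")
    return (fc >> 4) & 0xF, addr(4), addr(10), addr(16)

def detect(capture, window=1.0, deauth_limit=10, bssid_limit=20):
    """capture: iterable of (timestamp_s, raw_frame). Limits are assumed thresholds."""
    deauths = defaultdict(Counter)   # time slot -> Counter[(src, dst)]
    beacons = defaultdict(set)       # time slot -> BSSIDs seen beaconing
    for ts, raw in capture:
        hdr = parse_mgmt(raw)
        if hdr is None:
            continue
        subtype, dst, src, bssid = hdr
        slot = int(ts // window)
        if subtype == DEAUTH:
            deauths[slot][(src, dst)] += 1
        elif subtype == BEACON:
            beacons[slot].add(bssid)
    alerts = [("deauth_flood", slot, src, dst, n)
              for slot, pairs in sorted(deauths.items())
              for (src, dst), n in pairs.items() if n > deauth_limit]
    alerts += [("beacon_flood", s, len(b)) for s, b in sorted(beacons.items()) if len(b) > bssid_limit]
    return alerts

def sample_capture():
    """Constructed header-only frames, not a real capture."""
    def frame(subtype, dst, src, bssid):
        return struct.pack("<H", subtype << 4) + bytes(2) + bytes.fromhex(dst + src + bssid) + bytes(2)
    ap, sta, bcast = "02aabbccdd01", "02aabbccdd99", "ffffffffffff"
    cap = [(0.1 * i, frame(BEACON, bcast, ap, ap)) for i in range(10)]        # normal AP beacons
    cap.append((0.5, frame(DEAUTH, sta, ap, ap)))                             # one ordinary deauth
    cap += [(2.0 + 0.02 * i, frame(DEAUTH, sta, ap, ap)) for i in range(30)]  # flood
    cap += [(4.0 + 0.01 * i, frame(BEACON, bcast, f"02000000{i:04x}", f"02000000{i:04x}"))
            for i in range(40)]                                               # 40 new BSSIDs
    return cap

if __name__ == "__main__":
    for alert in detect(sample_capture()):
        print(alert)
```

Because the frames carry the AP's address as their source, a flagged pair identifies the affected AP and client, not the transmitter.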
0x02 Compile and upload using Arduino IDE
Download Arduino IDE
Then open esp8266_deauther.ino in the downloaded ZIP. If this prompt appears

Right-click the file, open Properties, and change the program it opens with to Arduino IDE. If the software is in English, press Ctrl + comma to open the settings and set it to Chinese
Then set up Arduino IDE as shown in the image

You will find that the NodeMCU development board is missing from the list, so click File, select Preferences (Ctrl + comma), and add the following URLs under Additional Boards Manager URLs:
- http://arduino.esp8266.com/stable/package_esp8266com_index.json
- http://phpsecu.re/esp8266/package_deauther_index.json
Then click Tools -> Board -> Board Manager, it will load for a while, then search for esp8266, then install, and then install:
arduino-esp8266-deauther

Note: Install version 2.0.0 of esp8266
Then click the upload button in the upper left corner; uploading takes some time, and the ESP8266 will flash continuously
After the upload is successful, it will display in the lower left corner

0x03 WiFi Phishing
This source code comes from a friend online, and flashing it went relatively smoothly.
The effect is that it covers the original WiFi and automatically creates an identical shared WiFi; after a user connects to it successfully, they are redirected to the phishing page.
When the user enters the WiFi password, the overlay is cancelled and the original WiFi is restored, but the attacker’s backend receives the content that was just entered.
Download the Flash tool

Click on the blank under the download list to download.
Firmware x599
Open the Flash tool, select the first option, and then set it according to the image. Note that the default file box is not checked; you need to check it yourself, and then all turn green to represent normal. If red appears, it means an error; reopen the software and fill it again.

After setting, click START to start flashing
Completion prompt

After flashing successfully, a WiFi nickname named hh should appear
If it does not appear, please reconnect the ESP8266 or press the rst on the ESP8266.
After completing the above, upload the WEB files
Find the tools file of Arduino IDE, then replace the tools in the source code,
Then open Arduino IDE, create a new project, and save it to a directory. Click Tools and select esp8266 sketch data upload; when prompted, choose No. You will see a message like this: SPIFFS Warning: mkspiffs canceled! Don’t mind this.
Then find the saved directory, and a data directory will be generated inside
Then put the phishing source code into this directory, and set it according to the image

Then click on Tools, select esp8266 sketch data upload
Then wait for the upload to complete, and the upload is successful

If the ESP8266 is no longer blinking, the upload is complete.
Then disconnect the ESP8266 and reconnect to the hh WiFi, password: m1234567
Then visit http://192.168.1.1/backdoor.html

If the upload is successful but the page is blank, please set the ESP8266 version to 2.3.0, then re-upload. If it is still blank, please press the rst button on the ESP8266.
When the phished user enters the password, they need to reconnect and reopen the page to see the password entered by the phished user.
If the flashing fails or there is no response after flashing, please try clearing the Flash or flashing an empty .bin of the Flash size.
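For a network you operate, the cloned WiFi described in this section can be spotted by comparing received beacons against a baseline. The Python below is an added example, not part of the original article or the firmware: it assumes you know your own BSSIDs and that your network is encrypted, and the function names, baseline and sample beacons are constructed.

```python
import struct

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, privacy) from a beacon or probe response, else None."""
    if len(frame) < 36 or frame[0] not in (0x80, 0x50):
        return None
    bssid = frame[16:22].hex(":")
    capability = struct.unpack_from("<H", frame, 34)[0]
    privacy = bool(capability & 0x0010)      # Privacy bit: BSS requires encryption
    pos = 36                                 # tagged elements: id, length, data
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:                 # truncated element, give up
            return None
        if eid == 0:                         # element 0 carries the SSID
            return bssid, data.decode("utf-8", "replace"), privacy
        pos += 2 + elen
    return None

def find_twins(capture, baseline):
    """baseline: {ssid: (known_bssids, expects_privacy)} for networks you operate."""
    findings = set()
    for raw in capture:
        parsed = parse_beacon(raw)
        if parsed is None or parsed[1] not in baseline:
            continue
        bssid, ssid, privacy = parsed
        known, expects_privacy = baseline[ssid]
        if bssid not in known:
            findings.add((ssid, bssid, "unknown BSSID"))
        if expects_privacy and not privacy:
            findings.add((ssid, bssid, "open copy of encrypted network"))
    return sorted(findings)

def beacon(bssid, ssid, capability):         # builds constructed sample frames
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bytes.fromhex(bssid) * 2 + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, capability)   # timestamp, interval, caps
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name

BASELINE = {"HomeNet": ({"02:aa:bb:cc:dd:01"}, True)}        # assumed known-good state
SAMPLE = [beacon("02aabbccdd01", "HomeNet", 0x0411),         # the real AP
          beacon("021122334455", "HomeNet", 0x0401),         # same name, open
          beacon("02deadbeef01", "CoffeeShop", 0x0401)]      # unrelated network

if __name__ == "__main__":
    for finding in find_twins(SAMPLE, BASELINE):
        print(finding)
```

A copy that also clones the BSSID is caught here only by the privacy check.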
This is my first article about hardware; as I am just getting started, there may be some errors in the article. Please feel free to point them out. I write such articles with the spirit of sharing and recording, and all content in this article is for knowledge exploration.
Text: Jianying/First review: akuma Second review: viga