🗜️Jamming Wi-Fi Networks
Pentesting Wi-Fi networks using the ESP32
What is ESP32?
The ESP32 is a low-cost, low-power microcontroller with integrated Wi-Fi and Bluetooth. It is the successor to the ESP8266, which is also a low-cost Wi-Fi microchip, albeit with vastly more limited functionality.
It integrates an antenna, RF balun, power amplifier, low-noise amplifiers, filters, and a power-management module, so the complete solution occupies very little printed-circuit-board area. The 2.4 GHz dual-mode Wi-Fi and Bluetooth chip is built on TSMC's 40 nm low-power process, which gives it good power and RF characteristics and makes it reliable and scalable across a variety of applications.
ESP32 For Hacking/Pentesting
Exploring how the ESP32 platform can be used to attack nearby Wi-Fi networks.
The ESP32, like many other Wi-Fi chips, can be used to implement various Wi-Fi attacks. It provides the low-level functionality these attacks commonly rely on, which makes implementing new attacks a bit simpler. Existing firmware also includes ready-made attacks, such as capturing PMKIDs from handshakes, or capturing the handshakes themselves by different methods, for example by starting a rogue duplicate AP or by sending deauthentication frames directly.
There are many firmware images you can use for this, but for demo purposes let's use the most popular one.
Installation
There is a quite popular firmware called ESP8266-Deauther. You can also create your own firmware by programming it in C and C++, which I will cover later (currently coding for that). Download the .bin version, go to https://esp.huhn.me/, find your device and flash the firmware.
After the upload has completed successfully, unplug the device and plug it back in.
Caution: plug this tiny device into a voltage source of at most 5 V. Connecting it to more than 5 V will short-circuit the device.
After connecting it again you will see a Wi-Fi network named pwned. The password for pwned is deauther, in case you were looking for it.
Connect to it and open `192.168.4.1` in a web browser. You will be directed to the Home Page.
Home Page
The first thing you'll probably see when you open the web interface is a warning that you must confirm to continue.
We felt this was necessary when making it since many users would abuse our tool and spread misinformation about how it works.
Scan Page
On the scan page, you can discover access points (WiFi networks) and stations (client devices) nearby. If the access point list is empty, click on SCAN APS.
A scan takes a few seconds (usually 2 - 5 seconds). Depending on your board, you might see a LED turning on when starting the scan. As soon as the scan is finished, it turns off, signaling you to click on RELOAD to see the scan results.
Once you have a list of the access points, you can select them for an attack. But make sure only to select your own networks. Attacking other people's networks on purpose is strictly prohibited!
You can select multiple targets, but it's recommended to select only a single one for stability and performance reasons.
You can also scan for stations to select a specific client rather than an entire network. While a station scan is running, the web interface will be unavailable. You have to wait until it's finished and then reconnect.
SSID Page
This is where you can add, edit and remove SSIDs. An SSID (Service Set Identifier) is the name of a WiFi network. They are used in beacon and probe attacks.
Attack Page
On the attack page, you start and stop WiFi attacks such as Deauthentication, Beacon, and Probe.
You may lose connection to the web interface when initiating an attack, but if you only select one target, you may be able to reconnect to it without problems. Attacks stop after 5 minutes by default. This is intended behavior to prevent abuse.
The pkts/s info is not automatically refreshed to save resources. You have to manually click RELOAD.
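<br>
The deauthentication frames the attack page sends are ordinary, unprotected 802.11 management frames, which is also what makes the attack easy to spot from the defender's side. The following Python snippet is an added example, not part of the Deauther project or this guide: it decodes the frame-control field of raw 802.11 frames and flags any BSSID that sees more than a threshold of deauthentication/disassociation frames within one second. The frames it analyses are constructed inline as test data, not a real capture.

```python
import struct
from collections import defaultdict

# 802.11 frame control, byte 0: bits 2-3 = frame type, bits 4-7 = subtype.
MGMT = 0                              # management frame type
BEACON, DISASSOC, DEAUTH = 8, 10, 12  # management subtypes used below

def parse_frame(frame: bytes):
    """Decode a raw 802.11 frame into (type, subtype, dst, src, bssid, reason).
    reason is None unless the frame is a deauth/disassoc with a 2-byte body."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a 24-byte 802.11 MAC header")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    dst, src, bssid = (frame[i:i + 6].hex(":") for i in (4, 10, 16))
    reason = None
    if ftype == MGMT and subtype in (DEAUTH, DISASSOC) and len(frame) >= 26:
        reason = struct.unpack_from("<H", frame, 24)[0]  # little-endian reason code
    return ftype, subtype, dst, src, bssid, reason

def detect_deauth_flood(records, threshold=10):
    """records: iterable of (timestamp_seconds, raw_frame). Returns the sorted
    (second, bssid) buckets with more than `threshold` deauth/disassoc frames."""
    counts = defaultdict(int)
    for ts, frame in records:
        ftype, subtype, _, _, bssid, _ = parse_frame(frame)
        if ftype == MGMT and subtype in (DEAUTH, DISASSOC):
            counts[(int(ts), bssid)] += 1
    return sorted(k for k, n in counts.items() if n > threshold)

def build_mgmt_frame(subtype, dst, src, bssid, reason=None):
    """Build a constructed management frame (test data only, not a real capture)."""
    hdr = bytes([(subtype << 4) | (MGMT << 2), 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    return hdr + (struct.pack("<H", reason) if reason is not None else b"")

# Constructed sample: an AP beaconing normally, then a one-second burst of 40
# broadcast deauth frames carrying that AP's address (reason 7), then one
# isolated deauth frame several seconds later that should not be flagged.
AP = bytes.fromhex("021122334455")    # made-up BSSID
BCAST = b"\xff" * 6
SAMPLE = [(t, build_mgmt_frame(BEACON, BCAST, AP, AP)) for t in (0.0, 0.1, 0.2)]
SAMPLE += [(1.0 + i / 40, build_mgmt_frame(DEAUTH, BCAST, AP, AP, 7)) for i in range(40)]
SAMPLE.append((5.0, build_mgmt_frame(DEAUTH, BCAST, AP, AP, 3)))

if __name__ == "__main__":
    for second, bssid in detect_deauth_flood(SAMPLE):
        print(f"deauth flood: bssid={bssid} second={second}")
```

Access points with 802.11w Protected Management Frames enabled discard deauthentication and disassociation frames that are not cryptographically protected, which is why enabling PMF is the standard mitigation for this attack.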
Settings
You can edit device settings here, such as the SSID and password of Deauther's network. But make sure to hit SAVE after changing something and click on RELOAD to refresh the site and check whether or not your changes were applied.
END
That's it. You can use it to attack a single router, but you can't use it against high-bandwidth routers such as Ruckus high-end models. Attacking such routers may require chips with more bandwidth. The solution for that is to use 2 to 4 ESPs to take down powerful routers.