
Creating Rogue APs with MicroPython on an ESP8266 Microcontroller «Null Byte :: WonderHowTo



For a hacker, there are many advantages to creating a fake network. One advantage is that when a nearby device comes across a network that is stored in its preferred network list, it is forced to use its real MAC address.

There are many tools for creating fake access points. Spacehuhn has designed one, the Beacon Spammer, which is written in Arduino and allows you to create hundreds of artificial networks, all of which are regularly spammed with different MAC addresses. We can even create fake access points with passwords, which can trick smartphones that have encrypted networks stored in the operating system.

In this article, we are going to make an elementary version of the Beacon Spammer in MicroPython. The advantage of this is that a beginner can start creating a fake access point with just a few lines of code, and it works against both encrypted and unencrypted networks stored on users' phones. The big difference is that we will bring up real networks rather than only sending beacons, as the Beacon Spammer does, so our version can only work so fast.

However, we get precise control right out of the box without having to write a whole bunch of Arduino code. We can control the MAC address, the name of the network, the channel it works on, whether it is hidden, and even authentication modes like WEP, which is not supported in the Arduino IDE.

For a hacker, something like the Beacon Spammer can be used to find a lot of different networks that nearby devices will connect to, then create the most convincing fake networks to lure people's devices, conduct phishing attacks, or whatever the hacker desires.

What You Need

To participate, you need an ESP8266-based microcontroller, such as the D1 Mini or NodeMCU. These boards are cheap and easy to find on websites like AliExpress and Amazon.

You will also need a computer with Python 3 and a micro USB cable to connect to the board, as well as an internet connection to download the MicroPython firmware binary.

Step 1: Install MicroPython on the ESP8266

To get MicroPython on your ESP8266-based board, you need Python 3 and esptool. Next, you need to connect your board to your computer, identify the serial port, erase the board, download the firmware binary, and flash the firmware to your board.

We discussed all of this in detail in our previous guide on getting started with MicroPython on ESP8266 microcontrollers. Visit that guide, especially steps 1 to 5, to get everything ready and then come back here to continue.

Step 2: Enter MicroPython REPL

When you are done, it is time to connect to the REPL command line interface for MicroPython on the ESP8266 board. Use the following screen + serial port + baud rate format in a terminal window, and make sure to replace the serial port with the one for your device.

  ~ $ screen SERIAL_PORT 115200

  MicroPython v1.11-8-g48dcbbe60 on 2020-05-11; ESP module with ESP8266
  Type "help()" for more information.
  >>>

To ensure that you are communicating correctly with your board, you can test it with a simple code like:

  >>> x = "Hello World"
  >>> print(x)
  Hello World

Step 3: Installing Adafruit Ampy

Before we proceed, we need a way to upload MicroPython files to the ESP8266-based microcontroller. Here we are going to use Adafruit Ampy, which you can install on your computer with:

  ~ $ pip3 install adafruit-ampy

  Collecting adafruit-ampy
    Downloading https://files.pythonhosted.org/packages/59/99/f8635577c9a11962ec43714b3fc3d4583070e8f292789b4683979c4abfec/adafruit_ampy-1.0.7-py2.py3-none-any.whl
  Requirement already satisfied: click in /usr/lib/python3/dist-packages (from adafruit-ampy) (7.0)
  Collecting python-dotenv (from adafruit-ampy)
    Downloading https://files.pythonhosted.org/packages/57/c8/5b14d5cffe7bb06bedf9d66c4562bf90330d3d35e7f0266928c370d9dd6d/python_dotenv-0.10.3-py2.py3-none-any.whl
  Requirement already satisfied: pyserial in /usr/lib/python3/dist-packages (from adafruit-ampy) (3.4)
  Installing collected packages: python-dotenv, adafruit-ampy
  Successfully installed adafruit-ampy-1.0.7 python-dotenv-0.10.3

Once Ampy is installed, we can use the format ampy --port /serial/port run followed by the file name to run a script on the board.

You could also use Jupyter Notebook, as we do in our Cyber Weapons Lab video above. We showed how to use MicroPython in Jupyter Notebook with an ESP8266 device in our NeoPixel Christmas lighting project, so you can refer to that for help. We also highly recommend reading Marcello's post on Towards Data Science about running MicroPython from Jupyter Notebook, which explains everything in an easy-to-understand way.

Step 4: Create the MicroPython Program

Creating the code that brings up a fake access point, in our case 'Null Byte Wi-Fi', is quite simple. You can copy and paste the code below into a blank document that you can create with nano. We called the file "fakeap.py" (you can call it whatever you want).

  from time import sleep
  import network

  def newConnect(ssid):
      # Create an access point interface, activate it, and give it the requested name.
      ap = network.WLAN(network.AP_IF)
      ap.active(True)
      ap.config(essid=ssid)
      # authmode 0 = open network; broadcast only on channel 1.
      ap.config(authmode=0, channel=1)

  ssidList = ["Null Byte Wi-Fi"]

  while True:
      # Cycle through every name in the list, half a second per name.
      for i in range(0, len(ssidList)):
          newConnect(ssidList[i])
          sleep(0.5)

In the script we have created a function which, when we pass it the name of a network, creates an access point interface; activates it by setting it to "True"; sets the ESSID, or network name, to the SSID we specified; and then sets the authentication mode. For the authentication mode we used "0" (zero), which means open, and we used "1" for the channel, so it only broadcasts on channel 1.

  from time import sleep
  import network

  def newConnect(ssid):
      ap = network.WLAN(network.AP_IF)
      ap.active(True)
      ap.config(essid=ssid)
      ap.config(authmode=0, channel=1)

In our code, "ssidList" defines the network names we want to display as fake APs. We use "Null Byte Wi-Fi" as an example, but you can also add others; just separate them with a comma, like so:

  ssidList = ["Null Byte Wi-Fi", "Google Starbucks", "TWCWIFI"]

Then we made a loop with "while True" (which runs forever). Inside it we use "for i in range(0, len(ssidList)):", where 0 (zero) is the start of our ssidList and "len" is its length. For the length, you just need to pass "ssidList", and "len" works out how long it is. If you have one fake name in it, the range will be from 0 to 1, but if you have a hundred, it will be from 0 to 100.

Then "newConnect" is executed for the "i" we specified, which runs through all the fake names. It passes each one to the "newConnect" function we made earlier, and the loop runs all our fake names over and over with a 0.5 second delay.

  while True:
      for i in range(0, len(ssidList)):
          newConnect(ssidList[i])
          sleep(0.5)

Ultimately, it is an infinite loop going through our fake names, creating a fake network for each. After 0.5 seconds it continues with the next name. The full script is:

  from time import sleep
  import network

  def newConnect(ssid):
      ap = network.WLAN(network.AP_IF)
      ap.active(True)
      ap.config(essid=ssid)
      ap.config(authmode=0, channel=1)

  ssidList = ["Null Byte Wi-Fi"]

  while True:
      for i in range(0, len(ssidList)):
          newConnect(ssidList[i])
          sleep(0.5)

Save the file by typing Control-X and Y to confirm.

Step 5: Run the file on your board

After saving the file on our computer, we can run it on our ESP8266 board. Replace the serial port with the one for your device again. You should see the code on your board start running.

  ~ $ ampy --port SERIAL_PORT run fakeap.py

If you want your code to run at startup, replace the "main.py" file on the board. You can upload your Python file and replace the main.py file on the board with the following command.

  ~ $ ampy --port SERIAL_PORT put fakeap.py /main.py

With this command, our board will run the program we just uploaded at every boot. It will not repeat the program in a loop like an Arduino does unless an endless loop is specified in the code; in our case we did. The infinite loop runs forever and does not give the board a chance to get back to the prompt, but you can stop the program in the serial REPL by pressing Control-C and then erase the board.

Step 6: Observe traffic in Wireshark

To see what's going on, use Wireshark, in which you can create a filter that shows only the packets carrying the names of your fake APs, so it searches for just those.

When you run the MicroPython code on the ESP8266, the fake APs try to lure nearby devices into connecting to one of them. You may see two different kinds of activity: frames coming from the MCU and frames directed at it. When you see the latter, nearby devices have recognized a fake AP name and are trying to connect.
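As an added example that is not part of the original article, here is a small Python script written from the defender's side. It does over a capture what the Wireshark view described above does by eye: it flags a single BSSID rotating through many SSIDs (the pattern a board cycling through its ssidList produces) and an allow-listed SSID being advertised by a BSSID that is not authorised for it. The frame records and the allow-list are constructed for the example; the wireshark_filter helper builds a display filter of the kind this step describes, using the real Wireshark fields wlan.ssid and wlan.fc.type_subtype (0x08 is the beacon subtype).

```python
# Added example, not code from the original article. Flags rogue-AP behaviour
# in a list of summarised 802.11 management frames.
from collections import defaultdict

# Constructed sample: (timestamp_s, frame_type, bssid, ssid, channel).
# One BSSID cycles through three names every half second, the way the
# ESP8266 script does; two office APs share a legitimate SSID; and a third,
# unknown BSSID advertises that same SSID on another channel.
SAMPLE_FRAMES = [
    (0.0, "beacon", "aa:bb:cc:00:00:01", "Null Byte Wi-Fi", 1),
    (0.5, "beacon", "aa:bb:cc:00:00:01", "Google Starbucks", 1),
    (1.0, "beacon", "aa:bb:cc:00:00:01", "TWCWIFI", 1),
    (1.5, "beacon", "aa:bb:cc:00:00:01", "Null Byte Wi-Fi", 1),
    (0.1, "beacon", "10:20:30:40:50:60", "OfficeNet", 6),
    (0.2, "beacon", "10:20:30:40:50:61", "OfficeNet", 6),
    (0.3, "beacon", "de:ad:be:ef:00:01", "OfficeNet", 11),
]

# Constructed allow-list: BSSIDs authorised to advertise each managed SSID.
AUTHORISED = {
    "OfficeNet": {"10:20:30:40:50:60", "10:20:30:40:50:61"},
}


def find_ssid_rotation(frames, max_ssids=2, window_s=5.0):
    """Return {bssid: sorted ssids} for every BSSID that advertised more than
    max_ssids distinct names within any window_s-second span of beacons."""
    beacons = defaultdict(list)
    for ts, ftype, bssid, ssid, _channel in frames:
        if ftype == "beacon":
            beacons[bssid].append((ts, ssid))
    flagged = {}
    for bssid, seen in beacons.items():
        seen.sort()  # order by timestamp so the sliding window is meaningful
        for i, (t0, _name) in enumerate(seen):
            names = {s for t, s in seen[i:] if t - t0 <= window_s}
            if len(names) > max_ssids:
                flagged[bssid] = sorted(names)
                break
    return flagged


def find_evil_twins(frames, authorised):
    """Return {ssid: sorted bssids} for allow-listed SSIDs that were beaconed
    by a BSSID missing from the allow-list."""
    rogue = defaultdict(set)
    for _ts, ftype, bssid, ssid, _channel in frames:
        if ftype == "beacon" and ssid in authorised and bssid not in authorised[ssid]:
            rogue[ssid].add(bssid)
    return {ssid: sorted(bssids) for ssid, bssids in rogue.items()}


def wireshark_filter(ssids):
    """Build a Wireshark display filter that shows only beacons for the given
    names, the kind of filter this step suggests creating by hand."""
    clauses = [f'wlan.ssid == "{name}"' for name in ssids]
    return "wlan.fc.type_subtype == 0x08 && (" + " || ".join(clauses) + ")"


if __name__ == "__main__":
    for bssid, names in find_ssid_rotation(SAMPLE_FRAMES).items():
        print(f"SSID rotation from {bssid}: {names}")
    for ssid, bssids in find_evil_twins(SAMPLE_FRAMES, AUTHORISED).items():
        print(f"unauthorised BSSIDs for {ssid}: {bssids}")
    print(wireshark_filter(["Null Byte Wi-Fi", "TWCWIFI"]))
```

The rotation check keys on the one thing the ESP8266 approach cannot hide: every name it cycles through is beaconed from the same radio, so one BSSID ends up carrying many SSIDs in a short window. The evil-twin check needs an allow-list of your own access points, which is why it is the more useful of the two in a managed environment.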

Watch the Cyber Weapons Lab video above for more information on viewing the data.

It Takes No More Than a Few Lines of MicroPython!

This was just a short introduction to start manipulating Wi-Fi networks and MicroPython. In general, if you want to create fake networks that reveal the real MAC addresses of nearby devices, it won't take much more than a few lines of MicroPython code. The ability to do this in a browser is super handy, so you should check out how to use it in Jupyter Notebook.

Now, there are some limitations to the fake networks we create with MicroPython. For example, we are bringing up real networks, unlike Spacehuhn's Beacon Spammer. So instead of just sending some packets that suggest there is a network, we create real ones, and that limits how fast we can create a lot of them.

If we wanted to make this even more malicious, we could open a phishing page or try to get people to submit credentials to access free public Wi-Fi that doesn't exist. However, we just wanted to show you how easy it is to get started with Wi-Fi using MicroPython.


Cover Photo by georgejmclittle / 123RF
