How to create rogue APs with MicroPython on an ESP8266 microcontroller « Null Byte :: WonderHowTo



For a hacker, there are many benefits to creating a fake network. One advantage is that nearby devices reveal their real MAC address when they try to join a network that is stored in their preferred network list.

There are many tools out there for creating fake access points. Spacehuhn has designed one called Beacon Spammer, which is based on Arduino and lets you create hundreds of artificial networks, each beaconed regularly with a different MAC address. We can even create fake access points that have passwords, which can deceive smartphones that have encrypted networks stored in the OS.

In this article we will create an elementary version of Beacon Spammer in MicroPython. The advantage of doing so is that a beginner can get started creating a fake access point with just a few lines of code, and it works against both encrypted and unencrypted networks stored in nearby users' phones. The big difference is that we bring up real (if fake) networks, whereas Beacon Spammer only transmits beacon frames, so our version can only cycle through names so quickly.

However, we get precise control right out of the box without having to write a pile of Arduino code. We can control the MAC address, the name of the network, the channel it operates on, whether it is hidden, and we even get access to authentication modes like WEP, which is not supported in the Arduino IDE.

For a hacker, something like Beacon Spammer can be used to find which networks nearby devices will connect to, then create the most convincing fake networks to take over people's devices, carry out phishing attacks, or whatever else the hacker wants.

What You Need

To follow along you need an ESP8266-based microcontroller, such as the D1 Mini or NodeMCU. These boards are cheap and easy to find on sites like AliExpress and Amazon.

You also need a computer with Python 3 installed and a Micro-USB cable to connect to the board, as well as an Internet connection to download the MicroPython firmware binary.

Step 1: Install MicroPython on ESP8266

To get MicroPython onto your ESP8266-based board, you must have Python 3 and esptool installed. Then you need to connect the board to your computer, identify its serial port, erase the board, download the firmware binary, and flash the firmware to the board.

We have gone through all of this in detail in our previous guide on getting started with MicroPython on ESP8266 microcontrollers. Visit that guide, specifically steps 1 to 5, to get everything set up, then come back here to continue.

Step 2: Enter MicroPython REPL

When you are ready, it is time to connect to the REPL command-line interface of MicroPython on the ESP8266 board. Use the following format (screen, serial port, baud rate) in a terminal window, and be sure to replace SERIAL_PORT with the serial port of your device.

  ~ $ screen SERIAL_PORT 115200

  MicroPython v1.11-8-g48dcbbe60 on 2020-05-11; ESP module with ESP8266
  Type "help()" for more information.
  >>>

To make sure you are communicating properly with your board, you can test it with some simple code like:

  >>> x = "Hello world"
  >>> print(x)
  Hello world

Step 3: Install Adafruit Ampy

Before we proceed, we need a way to upload MicroPython files to the ESP8266-based microcontroller. Here we will use Adafruit Ampy, which you can install on your computer with:

  ~ $ pip3 install adafruit-ampy

  Collecting adafruit-ampy
  Downloading https://files.pythonhosted.org/packages/59/99/f8635577c9a11962ec43714b3fc3d4583070e8f292789b4683979c4abfec/adafruit_ampy-1.0.7-py2.py3-none-any.whl
  Requirement already satisfied: click in /usr/lib/python3/dist-packages (from adafruit-ampy) (7.0)
  Collecting python-dotenv (from adafruit-ampy)
  Downloading https://files.pythonhosted.org/packages/57/c8/5b14d5cffe7bb06bedf9d66c4562bf90330d3d35e7f0266928c370d9dd6d/python_dotenv-0.10.3-py2.py3-none-any.whl
  Requirement already satisfied: pyserial in /usr/lib/python3/dist-packages (from adafruit-ampy) (3.4)
  Installing collected packages: python-dotenv, adafruit-ampy
  Successfully installed adafruit-ampy-1.0.7 python-dotenv-0.10.3

Once Ampy is installed we can use the format ampy --port /serial/port run

You can also use Jupyter Notebook, which is how we do it in our Cyber Weapons Lab video above. We have shown how to use MicroPython in Jupyter Notebook with an ESP8266 device in our NeoPixel holiday lighting project, so you can refer to that for help. We also strongly recommend checking out Marcello's post on Towards Data Science, which walks through getting MicroPython to run in Jupyter Notebook and explains everything in an easy-to-understand way.

Step 4: Creating the MicroPython program

Writing the code that creates a fake access point, in our case "Null Byte Wi-Fi," is quite simple. You can copy and paste the code below into a blank document, which you can create with nano. We called the file "fakeap.py" (you can call it whatever you want).

  from time import sleep
  import network

  def newConnect(ssid):
      # Bring up the ESP8266 access-point interface under the given network name
      ap = network.WLAN(network.AP_IF)
      ap.active(True)
      ap.config(essid=ssid)
      ap.config(authmode=0, channel=1)  # authmode 0 = open network; broadcast on channel 1 only

  ssidList = ["Null Byte Wi-Fi"]

  while True:
      for i in range(0, len(ssidList)):
          newConnect(ssidList[i])
          sleep(.5)

In the script, we have created a function which, when we pass it the name of a network, creates an access-point interface; activates it (sets it to "True"); sets the ESSID, the network name, to the SSID we specified; and then sets the authentication mode and channel. For the authentication mode we used "0" (zero) for open, and for the channel we used "1" so that it only broadcasts on channel 1.

  from time import sleep
  import network

  def newConnect(ssid):
      ap = network.WLAN(network.AP_IF)
      ap.active(True)
      ap.config(essid=ssid)
      ap.config(authmode=0, channel=1)

In our code, "ssidList" defines the network names that we want to appear as fake APs. We only use "Null Byte Wi-Fi" as an example, but you can add others; just separate them with commas, like so:

  ssidList = ["Null Byte Wi-Fi", "Google Starbucks", "TWCWIFI"]

Then we created a loop that says "while True" (which runs forever). Inside it we use "for i in range(0, len(ssidList)):", where 0 (zero) is the beginning of our ssidList and "len" is its length. For the length you only need to pass "ssidList", which determines the length. If you have one fake name in there, it will go from 0 to 1, but if you have a hundred it will go from 0 to 100.

Then we run "newConnect" for each "i", which goes through all of the fake names. It passes each name to the "newConnect" function we created earlier, and the loop runs each of our fake names through it over and over with a delay of 0.5 seconds.

  while True:
      for i in range(0, len(ssidList)):
          newConnect(ssidList[i])
          sleep(.5)

In the end, what we have is an endless loop that goes through our fake names and creates a fake network for each one. After 0.5 seconds, it moves on to the next name. The result is:

  from time import sleep
  import network

  def newConnect(ssid):
      ap = network.WLAN(network.AP_IF)
      ap.active(True)
      ap.config(essid=ssid)
      ap.config(authmode=0, channel=1)

  ssidList = ["Null Byte Wi-Fi"]

  while True:
      for i in range(0, len(ssidList)):
          newConnect(ssidList[i])
          sleep(.5)

Save the file by typing Control-X and Y to confirm.

Step 5: Run the file on your board

Once we have saved the file on our computer, we can run it on the ESP8266 board. Replace the serial port with the one for your board. You should see the code start running on the board.

  ~ $ ampy --port SERIAL_PORT run fakeap.py

If you want your code to be run at startup, you must replace the "main.py" file on the board. You can upload your Python file and replace the main.py file on the board with the following command.

  ~ $ ampy --port SERIAL_PORT put fakeap.py /main.py

With this command, our board will run the program we just uploaded. It will not run it in a loop, like an Arduino does, unless the code itself specifies an endless loop. In our case, it does. The infinite loop runs forever and doesn't give the board a chance to do anything else, but you can stop the program in the serial REPL by pressing Control-C and then erase the board.

Step 6: Observe Traffic in Wireshark

To see what is happening, you can use Wireshark. In it, you can create a filter that shows only the packets carrying the names of your fake APs, so that it looks only for those.

When you run the MicroPython code on the ESP8266, it will try to attract nearby devices to connect to one of your fake APs. You will see different kinds of traffic: frames coming from the MCU and others directed at it. If you see the latter, nearby devices have recognized a fake AP name and are trying to connect.
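The same check can be automated from the defender's side. The following is an added example, not code from the original post: a minimal parser for raw 802.11 beacon frames that flags a managed SSID beaconed from an unlisted BSSID, or advertised as open when the real network is encrypted, which is exactly what the open, channel-1 fake AP above looks like on the air. The sample frames, the BSSIDs and the authorized list are constructed here and are assumptions.

```python
import struct
from collections import namedtuple

Beacon = namedtuple("Beacon", "bssid ssid channel privacy")

def parse_beacon(frame):
    """Parse a raw 802.11 beacon (no radiotap); return Beacon, or None if it is not a beacon."""
    if len(frame) < 36 or (frame[0] >> 2) & 0x3 != 0 or frame[0] >> 4 != 8:  # mgmt type 0, subtype 8
        return None
    bssid = ":".join("%02x" % b for b in frame[16:22])        # Address 3 of the MAC header
    capability = struct.unpack_from("<H", frame, 34)[0]       # after timestamp(8) + interval(2)
    privacy = bool(capability & 0x0010)                       # Privacy bit set = encrypted network
    ssid, channel, off = None, None, 36
    while off + 2 <= len(frame):                              # walk the information elements
        tag, ln = frame[off], frame[off + 1]
        val = frame[off + 2:off + 2 + ln]
        if len(val) != ln:
            break                                             # truncated element: stop parsing
        if tag == 0:
            ssid = val.decode("utf-8", "replace")             # SSID element
        elif tag == 3 and ln == 1:
            channel = val[0]                                  # DS Parameter Set = channel
        off += 2 + ln
    return Beacon(bssid, ssid, channel, privacy)

def find_rogue_beacons(frames, authorized):
    """authorized: SSID -> (legitimate BSSIDs, encrypted?); flag unlisted BSSIDs and open downgrades."""
    alerts = []
    for fr in frames:
        b = parse_beacon(fr)
        if b is None or b.ssid not in authorized:
            continue
        good_bssids, encrypted = authorized[b.ssid]
        if b.bssid not in good_bssids:
            alerts.append(("unknown-bssid", b))
        elif encrypted and not b.privacy:
            alerts.append(("open-downgrade", b))
    return alerts

def build_beacon(bssid, ssid, channel, privacy):
    """Constructed test frame: 24-byte MAC header, fixed fields, SSID and DS Parameter elements."""
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    return header + fixed + bytes([0, len(ssid)]) + ssid.encode() + bytes([3, 1, channel])

# Constructed sample: the assumed real AP, an open clone on channel 1, an unrelated AP (BSSIDs made up)
AUTHORIZED = {"Null Byte Wi-Fi": ({"02:00:00:00:00:01"}, True)}
SAMPLE = [build_beacon(b"\x02\x00\x00\x00\x00\x01", "Null Byte Wi-Fi", 6, True),
          build_beacon(b"\x02\x00\x00\x00\x00\x02", "Null Byte Wi-Fi", 1, False),
          build_beacon(b"\x02\x00\x00\x00\x00\x03", "OtherNet", 11, True)]
```

Run find_rogue_beacons(SAMPLE, AUTHORIZED) to see the clone reported; feeding it frames from a real monitor-mode capture only requires stripping the radiotap header first.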

For more information on viewing the data, check out the Cyber Weapons Lab video above.

It Takes No More Than a Few Lines of MicroPython!

This was just a brief introduction to manipulating Wi-Fi networks with MicroPython. In general, if you want to start creating fake networks that get nearby devices to reveal their real MAC addresses, it doesn't take much more than a couple of lines of MicroPython code. The ability to do this from a browser is super neat, so you should check out how to use it in Jupyter Notebook.

There are some limitations to the fake networks we create with MicroPython. For example, we are bringing up real networks, unlike Spacehuhn's Beacon Spammer. So instead of just sending a bunch of packets suggesting that a network is there, we create real ones, and that limits how quickly we can create many of them.

If we wanted to take this further, we could pop up a phishing site or try to get people to submit credentials to access free public Wi-Fi that doesn't exist. But we just wanted to show you how easy it is to get started with Wi-Fi on MicroPython.


Cover image by georgejmclittle / 123RF
