قالب وردپرس درنا توس
Home / Tips and Tricks / So nicely sniffing Wi-Fi data packets with an ESP8266 «Zero Byte :: WonderHowTo

So nicely sniffing Wi-Fi data packets with an ESP8266 «Zero Byte :: WonderHowTo



If you want to get started with sniffing Wi-Fi networks, you usually need to start with a wireless network adapter. But thanks to a Wi-Fi sniffing library written in Arduino and the extremely cheap ESP8266 chip, you may not need one. For less than $ 10 in electronics, you can build a small Arduino Wi-Fi sniffer that saves Wireshark-compatible PCAP files and fits anywhere.

Sniffing Wi-Fi packages allow you to learn a lot about the wireless landscape of an area. Even without the Wi-Fi password, you can learn about the types of devices that are nearby, which devices are connected to which networks, and more information that may be useful to a hacker. But to get started with this you usually have to invest in a wireless network adapter that gives you more control than the average consumer adapter.

Although there is much debate about which wireless network adapter is the best, it can be expensive to test which one is right for you. If any simple sniffing is all you are looking for, it turns out that a cheap, easy-to-use software micro-role can work well instead.

ESP8266 for Wi-Fi Recon

The ESP8266 microcontroller can be programmed in the Arduino and comes with Wi-Fi integrated, as seen by the printed antenna on the board. These boards are also dirty, which causes many manufacturers to add them to development boards that add useful features like a USB port to connect for easier programming of the device. While you see many different types of ESP8266-based microcontrollers, they all have the same chip in the middle with the distinct antenna pattern.

One of the most popular development boards for the ESP8266 is the D1 Mini. These boards, copied to a large extent by a number of manufacturers, are dirty and begin at about three dollars. They allow a number of pins to be used to connect to sensors or screens, and while they do not have as many pins as NodeMCU, the D1 Mini is also half the size.

Due to the popularity of manufacturers, there are many add-on "shields" that are sold next to the D1 Mini, which can be stacked on top of each other to add functionality. One of the most useful D1 Mini screens is an SD card module for reading and writing data to a microSD card.

Picture of Kody / Null Byte

Spacehuhns Arduino PCAP library

Thanks to Stefan Kremser, also known as Spacehuhn, an easy to use libraries for generating WIRESHAR readable PCAP files are loaded on an ESP8266 in minutes. While the ESP8266 is much less powerful than most wireless network adapters, it is very cool to be able to read Wi-Fi networks using nothing but a microcontroller.

There are some limitations to this and in general this library will work better on the more powerful ESP32, which costs a little more. The trade-off is the cost, and because you can get a D1 Mini plus a data log shield for less money (depending on where you shop) it is easy to accept the limitations of using a small, inexpensive microcontroller.

When you have the library on the ESP8266 device, you need to get the data it reads from it. One of the best ways to do this is with a serial connection that allows you to write data to the computer from the microcontroller via serial port. While it is impressive to see results in Wireshark come from a small microcontroller, we instead focus on a small, disconnected version that saves the traffic that logs on to a microSD card.

This form factor can be used to hide in an area where many people should create a list of MAC addresses belonging to them, such as passive Wi-Fi sniffers that can show that a device was in an area at a particular time or as a way to understand the network layout in an area and which devices are authorized to connect to which network. With the small D1 Mini you can hide sniffs in almost anything.

What You Need

First, you must have an ESP8266-based device such as NodeMCU or D1 Mini. I highly recommend the D1 Mini because it is exactly the right size to use with the next important piece of the puzzle, the SD card reader.

The SD card reader is important if you want to save data on a microSD card. I recommend the D1 Mini Data Logger Shield as mentioned earlier, which you can actually get quite cheap. This lets you just solder the pins and hold them together to create a Wi-Fi data logger. It contains a real-time clock, which means that you can write time stamped data to any formatted microSD card you have.

You also need a soldering iron to solder the headings that come with the D1 Mini and the data logger screen on the D1 Mini and the data logger screen. Finally, you need a microSD card formatted with a Fat32 file system. Exfat doesn't work, I tried it.

At Amazon: RobotDyn IoT Kit with D1 Mini, USB Cable and Data Logger Shield

The free platform Arduino IDE allows us to quickly prototype what we need, so make sure you have it installed on your computer. The integrated development environment Arduino allows us to quickly write and upload scripts to Arduino-like microcontrollers.

Step 1: Install New Arduino Library

To get this project to work, we need to install some libraries that enable everything to communicate. We need the microcontroller radio to save packages to the microSD card, so that means we need libraries to communicate with the microSD card and interpret the radio signals in meaningful data to save. Installing any library in Arduino is quite simple and usually with some useful examples to build on.

To start, in the Arduino IDE, open the "Arduino" folder where Arduino IDE saves your sketch files. You should see a folder named "Library" that should be saved in the location listed below for your operating system. If you add a library here, it will appear in the Import Library menu.

  • macOS: ~ / Documents / Arduino / libraries /
  • Windows: My Documents Arduino libraries

In a terminal window, change directory in the folder where your Arduino libraries are held and then use provided clone to copy the Arduino PCAP archive, Arduino Time Library and ESP8266 dependent on GitHub.

  cd ~ / Documents / Arduino / library /
click here https://github.com/spacehuhn/ArduinoPcap.git
git clone https://github.com/PaulStoffregen/Time.git
git klon https://github.com/esp8266/Arduino.git

This is the folder that Arduino IDE checks for custom libraries each time it starts. In general, there are two ways to add a library. You can click "Sketch" in the top menu "Include libraries" and finally "Manage libraries" to open the search bar.

Here, you can search for libraries that are popular in the community and load them instantly. This is one of the easiest ways to download things like the neopixel library from Adafruit or the SdFat library needed to write to our microSD card. Enter "sdfat" and download the SdFat library by clicking "Install". This makes it possible for us to include it in any of our sketches from now on.

Close and restart Arduino IDE to make sure they are all loaded. [19659033] Step 2: Install the control library

Now we have to tell Arduino IDE which hardware we are working with. Click the "Arduino" drop-down menu and then select "Preferences". Then paste the following URL into the field Additional control addresses . Click "OK" to continue. This should add ESP8266-related boards to the list of boards we can install.

  http://arduino.esp8266.com/stable/package_esp8266com_index.json 

To add the specific D1 Mini we use, you must click "Tools", then turn over the "Board" section to see the list of supported boards. At the top, click on "Boards Manager" to open the window that allows us to add more boards.

When the Boards Manager window is opened, type "esp8266" in the search field. Select "esp8266" from the ESP8266 Community, and install it to add support for the D1 Mini to your Arduino IDE. It may already be installed from the previous step, but be sure to update it if an update is available.

Now you should see a section called "ESP8266 modules" under the "Board" selector. Choose the "WeMos D1 R2 & mini" card, and you should be ready to go.

Step 3: Change all settings in the code

To Open a sample list to work with, go to the Arduino menu and then click on File -> Example -> Arduino Pcap. Here you should see an example called "esp8266_pcap_sd" – open the sketch, because we use it as a template for what we send to the D1 Mini. If you want to do this on the more powerful ESP32, you can follow the same steps and choose ESP32 instead.

When the sketch is open, see the most important configuration settings.

  // ===== SETTINGS ===== //
#define CHANNEL 1
#define FILENAME "esp8266"
#define SAVE_INTERVAL 30 // save new file every 30th
#define CHANNEL_HOPPING true // if it will scan on all channels
#define MAX_CHANNEL 11 // (needed only if channelHopping is true)
#define HOP_INTERVAL 214 // i ms (needed only if channelHopping is true) 

Let's start setting up so we can cheat effectively. First we set the channel for the device to turn over. The most common network channels are 1, 6 and 11, so we set this to 6.

  #define CHANNEL 6 

Then we decide how long we want to wait before the file is saved microSD card. The D1 Mini doesn't have so much memory, so do it every 30 seconds or so is a good idea. You can also name the file that generates something different here. Increased time leads to larger file sizes but higher chances of the device becoming overwhelmed with too much traffic.

  #define FILENAME "esp8266"
#define SAVE_INTERVAL 30 // save new file every 30th 

Now, let's decide if we want to channel hope or not. This makes it possible for us to see traffic and devices with other channels, but will also cut a lot of packages when switching between networks and making them useless. As a result, this is a choice between getting a lot of packages from many different channels or focusing on a channel without worrying about fragmentation. In our example, we will avoid fragmentation by setting the value to false.

If we choose to channel jump, we can specify how high the channel also goes. In the US, Wi-Fi networks do not use channels over 11, but other countries do. For this, however, it is only useful to set it to 11.

  #define CHANNEL_HOPPING false // if it will scan on all channels
#define MAX_CHANNEL 11 // (needed only if channelHopping is true) 

If we have chosen to activate channel hopping, we can scale back some of the damage assessment to our sample by specifying the next value longer. A longer value here means more time to sniff on each channel, leading to less packet fragmentation from samples.

  #defin HOP_INTERVAL 214 // i ms (only necessary if channelHopping is true) 

Our control settings should now see something like this.

  // ===== SETTINGS ===== //
#define CHANNEL 6
#define FILENAME "zero byte"
#define SAVE_INTERVAL 30 // save new file every 30th
#define CHANNEL_HOPPING false // if it will scan on all channels
#define MAX_CHANNEL 11 // (needed only if channelHopping is true)
#define HOP_INTERVAL 214 // i ms (needed only if channelHopping is true) 

Step 4: Connect the hardware together

Now is the time to connect the hardware. If you got your D1 Mini and a data log shield online, you need to braze the pins, which is surprisingly easy (trust me). With the D1 Mini, make sure that you are soldered into pin heads so that you can connect the data log into, as in the example below.

Picture of Kody / Null Byte

If you do not want to braze and want to support Spacehuhn's work, you can also buy a board from their online store.

Step 5: Press the code and sniff package

Now is the time to connect everything. Insert the microSD card into the module, connect the USB cable to your computer and the D1-mini, and click the "Tools" menu and then the "Port" section. You should see a "Serial" port listed, which can already be selected. If not, choose this. If you do not see the correct serial port, it probably means that you do not have the correct driver installed to see the D1 Mini's USB interface and must install it.

When you see serial port, you are ready to print the code! First, check that the code is compiled without any errors by clicking on the checkbox at the top left of the screen. Then click on the arrow button next to the check box to send the code to the D1 Mini.

When this is done, click "Tools" and then "Serial Monitor" to see the status of the D1 Mini. Set the baud rate to 115,200, as it will look like random characters otherwise.

If you see a message as above you have success! You can log PCAP files to the SD card and as soon as you finish logging, you can unplug the device, pop out the microSD and load them into a computer to see the results.

With a small coin cell battery to operate this, your logger can operate independently as long as the SD card is in place and the battery has power. Some interesting ideas for saving power can also be to add a passive infrared sensor to just turn on when motion is detected, and log in Wi-Fi traffic from nearby devices whenever people are detected as present.

Deviations with the ESP8266 [19659005] While the Arduino PCAP library is a great way to get started with sniffing, there are a lot of limitations. The ESP8266 does not have a series of more powerful wireless network adapters, and it is much more likely to corrupt frames or otherwise lack recording packages for various reasons.

One thing to keep in mind is that there will always be several channels The sniffer cannot listen to while scanning on a particular channel, so if you collect Wi-Fi traffic by scanning through each channel, you will likely get a lot of fragmentation. Instead, it allows the sniff to listen to only one channel making it more likely to capture everything, provided you know which channel your target network is on.

I hope you had this guide to sniff Wi-Fi on an ESP8266 microcontroller! If you like this project and want to see more, you can support Spacehuhn at Patreon. And if you have any questions about this tutorial on ESP8266 or if you have a comment, please post it below or find out on Twitter @KodyKinzie .

Don't miss: Log Wi-Fi Probe requests from Smartphones and laptops with Probemon

Cover photo and screenshots of Kody / Null Byte




Source link