Remote Wifi Sniffing Station with an ESP8266

  • Published: Sep 11, 2024
  • You can use ESPthernet to turn an ESP8266 into a remote wifi sniffing station. Turns out it's not that hard.
    Hackaday article on ESPthernet: hackaday.com/20...
    Github: github.com/cnlo...
    Patreon: / cnlohr

Comments • 106

  • @JB-fh1bb 2 years ago +1

    Still holds up 6 years later

  • @UKsystems 3 months ago

    One improvement I would add is getting an RJ 45 connector with the built-in magnetics, as it makes it smaller

    • @CNLohr 19 days ago

      I've found most of those are usually slightly bigger but not always. At the least, they're definitely not cheaper.

    • @UKsystems 19 days ago

      @CNLohr however they do improve reliability most of the time so you can weigh that with cost especially if you’re getting them from AliExpress because they are good enough from there when they call them ethernet transformer RJ 45

  • @davidreynolds9649 8 years ago

    Where did you find the information about port 6648? (nc 10.2.10.5 6648)

  • @aymericvanetti4703 3 years ago

    How about connecting lots of ESPs to an RTL8316 16 port RMII to create an ESP cactus sniffer?

  • @xecoq 8 years ago +1

    Could you have one ESP sniff, wired to a 2nd one to send the info to your network? Or can't they talk to each other through wired connections?

    • @CNLohr 8 years ago

      +xecoq Absolutely, but because of the packet size limitations, it wouldn't be practical.

    • @tablatronix 8 years ago

      check out WebSocketSerialMonitor
      github.com/tzapu/WebSocketSerialMonitor

  • @chakarkhadija5069 7 years ago

    Is there a library for ESP8266 in Proteus 8? I want it, please.

  • @Gheotic 7 years ago

    Would it be possible to make the ESP8266 capture MAC addresses, then for each one switch to normal wifi mode and connect to your own wifi network and post it with a GET or POST request, then switch back to monitor mode and do it over and over again?

    • @CNLohr 7 years ago

      I am pretty sure it would be possible :).

  • @DeepSpider 8 years ago +3

    So is it possible to use two of these ESP-12e (I meant replace the LAN circuit with another ESP-12e) and make it completely wireless? :D

    • @CNLohr 8 years ago +2

      +eAffiliation Yes, but... but... That's not the point *sigh* you guys.... Wanting to do things that are useful...

    • @ashimjgec08 8 years ago

      +CNLohr this will be useful too, one scenario, you can keep this in pocket while it is sniffing and use the smart phone to connect it to and do some stuff while you're roaming around. :P

    • @CNLohr 8 years ago

      I understand. I will think about it. I could see some applications of that.... Dunno, the ESP32's got Bluetooth AND wifi, so.....

  • @jonahtaylor9534 8 years ago +1

    Could you set up a framework of home automation triggers generated by proximity of your phone's MAC address? Or is there a more secure token?

    • @CNLohr 8 years ago +1

      +Jonah Taylor That's actually a really good idea!! You totally could set it up to do a trigger when it sees a specific device broadcasting a browse request.

    • @tablatronix 8 years ago

      +Jonah Taylor That was the first thing I thought of as well. It would be neat to have it set as a reverse beacon, so it detects you, then switches to STA and sends the event somewhere, even back to your phone to tell you you're here, or perform anything else of course.

    • @damavox 7 years ago

      Have a look at Tasker (app), it can do what you're asking if I understand the question right.
      For example, I have it set up so that as soon as I pull in the driveway of my home after 8pm my porch lights turn on automatically.
      How this works is phone > connects to wifi > Tasker checks time, if after 8pm then sends command via ssh to flip relay > porch lights turn on.
      I use 433 MHz and a RPi instead of ESP but it will work the same with the setup you are speaking of.

  • @fredblogs7819 8 years ago +1

    Any advantage in using this instead of a standard wifi module in monitor mode?

    • @CNLohr 8 years ago +1

      This is weird?

  • @n0ukf 6 years ago

    One use I can see for wifi sniffing is to find available APs/routers/whatever and then choose one to connect to. Every project I've seen so far, you have to specify in the sketch ahead of time what one SSID the device will be connecting to. Useless to my thinking if you want to take it from home to the library, to the coffee shop, to a convention, etc. without having to reprogram the sketch every time.

    • @CNLohr 6 years ago

      If you don't use Arduino, there's a lot of options as far as a GUI, etc. For instance, ESP82xx starts up as an AP you can connect to with your smart phone and, using the GUI, select an AP, put in a password and connect.

  • @felixcat4346 8 years ago

    Wireshark can tell where traffic is flowing to, but of course except for where it is going it probably is encrypted and not readable. You need to have the RSA keys to do that.

  • @littlefrog9947 2 years ago

    Is there somebody who can send me a version of this that doesn't require ethernet/can run on just the ESP board! So it does like the same thing and show device distance etc. Would be grateful asf.

    • @CNLohr 2 years ago

      It doesn't really work that way. You can't just rebroadcast packets like that.

  • @jerry71000 7 years ago

    A simple question, can ESP8266 monitor how much packet is transmitted from a WiFi router to a client? I'm making a project that auto disconnect clients if they hog my bandwidth but they can still browse as long as they are not reaching the threshold.

    • @CNLohr 7 years ago

      that would best be done on the AP itself. The ESP cannot see encrypted packets.

    • @jerry71000 7 years ago

      Hmmm.. I think I can use the value of "Since seen"

  • @willrandship 8 years ago +2

    So, the ESP is essentially running as a monitor mode wifi adapter over ethernet?

    • @CNLohr 8 years ago +1

      +William Shipley Yep!

    • @sciencoking 8 years ago

      +William Shipley The possibilities!

  • @tablatronix 8 years ago

    Can you capture or forward raw TCP packets, like all traffic targeted at the IP?

    • @CNLohr 8 years ago

      Only if it was receiving the packets. I don't think Espressif's current thing works that way, though you could probably get there eventually.

  • @Dibblah1900 8 years ago

    So... Uhm... Why does wireshark need root if you're piping the packets straight to stdin?

    • @CNLohr 8 years ago

      +Allan Stirling THAT IS A REALLY GOOD QUESTION. When I run it this way it complains and says "Couldn't run /usr/bin/dumpcap in child process: Permission denied"

  • @DarrenRainey 6 years ago

    I've seen a few projects on GitHub like this that allow the ESP to just display WiFi probes over USB/serial, but this is pretty interesting. Could be cool if you could link two ESPs together, one to monitor and one for transmitting, as a wireless bug.

  • @piitsen 8 years ago +10

    2.4 GHz spectrum analyzer? :)

    • @CNLohr 8 years ago

      +piitsen Dunno if the ESP gives you that level of clarity.

    • @petersilie4927 8 years ago

      +CNLohr how would you describe the needed level of access to the rf part?
      really narrow band, arbitrary frequency selection.
      narrow band receiving might be a problem since it was designed for 802.11 which is 20 MHz/Channel.
      why would there be steeper rx filters configurable?

    • @CNLohr 8 years ago

      As far as is easily exposed, you just get to pick channels, the part handles re-tuning, etc.

  • @zZkamexZz 8 years ago +1

    Waiting for my esp8266 traveling through time and space.
    Meanwhile wondering if it can be used for indoor GPS system. Is it possible to retrieve signal strength value from this cutie ?:O

    • @CNLohr 8 years ago

      +zZkamexZz Signal strength is on the right... But, signal strength is not a good metric for localization. Only precision packet timing - which the ESPs do NOT do that I'm aware of.

  • @fredr0 8 years ago

    Your android device is in tether mode so it is not actually sniffing. Have you tried catching ethernet frames from hosts connected to the same network as your Esp8266? Is it even possible?

    • @CNLohr 8 years ago

      +fredro not really... though you can see the data frames, just not the data inside since it's encrypted.

  • @AidanOttawa 8 years ago

    Is the reverse true?? How would one sniff MAC addresses of clients trying to connect to an ESP8266 that is in Access Point mode? Is that even possible?

    • @CNLohr 8 years ago

      www.esp8266.com/viewtopic.php?f=32&t=5669

    • @AidanOttawa 8 years ago

      +CNLohr Thanks but this is a bit different than what I envisioned. Think of your phone that has wifi on and scans available networks. Can I program the chip to broadcast an SSID so when the phone during the network scan finds the SSID its Mac address gets sniffed? - all that assuming that the phone actually broadcasts something ...

    • @CNLohr 8 years ago

      It does, but most phones now do mac scrambling so you can't identify them :-/
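
Added example (not part of the comments, the video or the ESPthernet project): the "mac scrambling" mentioned above is visible in a capture because randomized addresses set the locally administered bit of the first octet. This Python sketch parses constructed 802.11 management headers and separates randomized from globally assigned probe-request senders, which matters if a phone's MAC is meant to serve as a presence trigger; the function names and sample frames are assumptions made for illustration.

```python
PROBE_REQUEST = 4  # 802.11 management subtype

def parse_mgmt_header(frame: bytes):
    """Return (subtype, transmitter MAC) from a 24-byte 802.11 management header."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    frame_type = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    if frame_type != 0:
        raise ValueError("not a management frame")
    return subtype, frame[10:16]  # Address 2 is the transmitter

def is_randomized(mac: bytes) -> bool:
    """Locally administered (0x02 set) and unicast (0x01 clear) in the first octet."""
    return bool(mac[0] & 0x02) and not (mac[0] & 0x01)

def classify_probe_sources(frames):
    """Split probe-request senders into randomized and globally assigned MACs."""
    out = {"randomized": set(), "global": set(), "skipped": 0}
    for frame in frames:
        try:
            subtype, src = parse_mgmt_header(frame)
        except ValueError:
            out["skipped"] += 1  # malformed or non-management frame
            continue
        if subtype != PROBE_REQUEST:
            continue
        out["randomized" if is_randomized(src) else "global"].add(src.hex(":"))
    return out

def make_mgmt_frame(subtype: int, src: bytes) -> bytes:
    """Build a constructed header: FC, duration, DA, SA, BSSID, sequence control."""
    return (bytes([subtype << 4, 0]) + b"\x00\x00" + b"\xff" * 6
            + src + b"\xff" * 6 + b"\x00\x00")

# Constructed sample frames (not captured traffic).
SAMPLE_FRAMES = [
    make_mgmt_frame(PROBE_REQUEST, bytes.fromhex("daa119000001")),  # randomized
    make_mgmt_frame(PROBE_REQUEST, bytes.fromhex("001122334455")),  # globally assigned
    make_mgmt_frame(8, bytes.fromhex("001122334455")),              # beacon, ignored
    b"\x40\x00\x00",                                                 # truncated
]

if __name__ == "__main__":
    print(classify_probe_sources(SAMPLE_FRAMES))
```

An address that lands in the randomized set changes over time, so it cannot serve as a stable device identifier or as an authentication token.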

  • @apiedoe 8 years ago

    Great job! I am new to this so maybe you know what I am looking for. I want to make a program that displays (on Arduino serial monitor) all WiFi devices around the ESP. I think it is called passive scanning. Any ideas how I could do that?

    • @CNLohr 8 years ago +1

      Yep. The ESP has a library call for showing all nearby APs, and their power!

    • @apiedoe 8 years ago

      CNLohr any chance that you know the library?

    • @CNLohr 8 years ago +1

      It's part of the main user interface.
      bool wifi_station_scan(struct scan_config *config, scan_done_cb_t cb);

    • @tablatronix 8 years ago

      Here's my Arduino AP scanner. For clients you would have to do like above: switch into promiscuous and log all the traffic. There are a few of these on GitHub already.
      gist.github.com/tablatronix/497f3b299e0f212fc171ac5662fa7b42

    • @apiedoe 8 years ago

      Did you find the command that turns it into promiscuous mode with the Arduino IDE? I only found scripts that work with the SDK, not Arduino

  • @imignap 8 years ago

    Could you use this for WiFi SLAM?

    • @CNLohr 8 years ago

      +Nathan Imig You could try, too bad Rx power really isn't that good of a mechanism of seeing signal power.

  • @RaoulosCA 8 years ago

    Can we have a location with this information?

    • @CNLohr 8 years ago

      it can't calculate it, but you can tell the specific nodes apart.

  • @mnageh-bo1mm 5 years ago +1

    Hi dude we need fluxion for esp

  • @tommihommi1 8 years ago

    Haven't watched the video yet, would PoE be possible?

    • @CNLohr 8 years ago

      +tommihommi1 If you use the proper design, with magnetics, yes, yes it would. I guess you could also half-bake your PoE and just provide power over the unused pairs.

  • @BAFMisWSH 7 years ago

    Can someone hypothetically run a phishing device from the web server on the esp
    promoting it as free wifi or something and phishing

    • @CNLohr 7 years ago

      Totally can be done. Wouldn't be that hard.

    • @BAFMisWSH 7 years ago

      can you make a tut or point me in the direction

    • @CNLohr 7 years ago

      I mean, not really... you can make it appear as any network you want. I can't remember how, but you can hook the IP stack and pass packets that are going to the internet off to some other server and pass them back, getting all the data in between... but, I think using a TP Link or something like that and sniffing the hardwire connection may be easier.

  • @isfiyiywafibc6qaiiiiiiiiii570 8 years ago

    Are you sure you need sudo there?

    • @CNLohr 8 years ago

      +ISFiYIywAFIBc6qAIIIIIIIIIIIIIIIIQrXTJiCtY3Asd4WF I did, but I fixed it by adding the sticky flag to /usr/bin/dumpcap

  • @Jasmohan 8 years ago

    Very good project.

  • @Willy_Tepes 4 years ago

    This would be great with a scanning directional antenna.

    • @CNLohr 4 years ago

      That's a really cool idea, I've never tried to do anything like that.

  • @goeiecool9999 8 years ago +1

    Your stuff blows my mind. I've never been this interested in electric engineering.

    • @goeiecool9999 8 years ago

      This opens up many opportunities. I wouldn't be surprised if you could make it into a tiny wifi router.

    • @CNLohr 8 years ago +1

      Indeed you could! I don't know why technology excites me so much, but I am really glad that excitement was successfully imparted to you.

  • @Gonlinein 5 years ago

    Which purpose it is used explain briefly then I like your video

  • @SkiingInMoscow 4 years ago

    Thank you.

  • @axlecrusher 8 years ago

    Good, except for the limited packet size.

  • @KENT0070 5 years ago

    smart job!!!!salute!!!

  • @southgeorgiawx2816 7 years ago

    very interesting project. Nice job. Cheers

  • @djnikx1 4 years ago

    Nice one 👍🏻

  • @imignap 8 years ago +1

    mind = blown. Very cool!

  • @surajbhawal2474 8 years ago

    I'm still not convinced that it isn't an April fool prank.

    • @Manu.Makes.Things 8 years ago

      +suraj bhawal I thought I was the only one.

    • @CNLohr 8 years ago

      +SolidMPH Y'all are gonna have to just go download and compile the source from github.

    • @Manu.Makes.Things 8 years ago

      +CNLohr Alrighty then!

    • @surajbhawal2474 8 years ago

      CNLohr what if the purpose of the source code is to render our ESPs unusable? again belated april fool's prank?

    • @CNLohr 8 years ago

      +suraj bhawal Hey, if I can make firmware that permabricks your $3 ESP, I think that alone would be worth bricking an ESP for a Hackaday article!

  • @arejay988 7 years ago +4

    i love the video, but i want to come over and like help u organize

  • @juliancaste3914 3 years ago

    sweeeeet

  • @adilmalik7066 8 years ago +1

    Thank god for Https :)

  • @AgentOffice 7 years ago

    crazy

  • @aniketkedar6545 7 years ago

    fuckin awesome!!!!!!!!

  • @atenechannel1039 6 years ago

    un botto

  • @gerritvisser 8 years ago +3

    Please, please learn to shoot video. I had to stop watching