Fluxion-esp8266 a cheap wifi cracker

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with (hopefully) less bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phising) attack.If you need quick help, fluxion is also avaible on gitter. You can talk with us here

This modified fimrware allows not only to perform deauth attacks using the ESP8266 against selected networks. You could also run in the meantime a captive portal. Because it is really cheap and very easy to use it makes this attack so effective.

The ESP8266 has a build in SoC which is programmable using your Arduino.
I modifyed spacehuhn existing project and add a couple of features which I missed such as a working redirection to the portal site or a DNS resolver.

The deauth attack will, if the connection is vulnerable, disconnect the devices from the network. Because the attack is running constantly, the devices will be disconnected again and again. Depending on the network, that can either block a connection or slow it down.

The deauth attack works by exploiting an old and known vulnerability in the 802.11 Wi-Fi protocol. Because these deauthentication frames, usually used to close a Wi-Fi connection safely, are unencrypted, it's very easy to spoof them. You only need the mac address of the access point, which you can sniff easily. If you don't want to attack all connected devices, you can also scan for connections and attack them specifically.

• Deauth attack
• Captive portal
• Beacon and probe request flooding

Protection against deauth attacks is not so easy. With the 802.11w-2009 the WiFi protocol became encrypted management (and deauthentication) frames. This makes spoofing these packets way harder and the attack, in this form, ineffective. Use a router which support these protocol. If it doesn't support it yet the vendor maybe include this in newer firmware or you could use an custom firmware for your router like OpenWRT.

Using the 802.11w-2009 protocol it is required that both systems support this. You could also build your own router which is recommended since nearly every "plastic router" is vulnerable.

I use the NodeMCU but you could also use another device. I like the NodeMcu because it is very easy to use it doesn't require much wires and you don't need a programmer since it is on the chip. Thats why I go with the NodeMCU Lua Lolin V3 Module. For this type of chip it is not very cheap and if you have an programmer already you should only buy the chip without any module. Thus are new I would recommend these one. You can buy them on amazon.

You only need to do 1 of the given installation methods.

Installation is very simple if you use a precompiled version. You only need to flash the the bin file using the esp flash tool:

1. Upload the bin using the esp flash tool of your choice

   • nodemcu-flasher
   • esptool-gui
   • esptool

2. Thats all

Make sure you change all the required settings and follow the instructions. Sometimes the flash process start not automatically, you have to press the flash button. Use this combination if it is not working.

1. Press the Reset Button for 10 seconds.
2. Press the Flash Button in combination with the Reset Button for 5 seconds
3. Release the Flash Button
4. Release the Reset Button

1. Download the source code of the project or clone it with
   git clone https://www.github.com/FluxionNetwork/fluxion-esp8266

2. Go to File -> Preferences and add
   http://arduino.esp8266.com/stable/package_esp8266com_index.json
   to the additional boards manager URLs.

3. Go to Tools -> Board -> Boards Manager

4. Type in esp8266 and select version 2.0.0 and click on Install

5. Go to File -> Preferences

6. Open the folder path under More preferences can be edited directly in the file

7. Copy the user_interface.h inside the misc/sdk_fix folder to
   packages -> esp8266 -> hardware -> esp8266 -> 2.0.0- > tools -> sdk -> include

8. Copy ESP8266Wi-Fi.cpp and ESP8266Wi-Fi.h to
   packages -> esp8266 -> hardware -> esp8266 -> 2.0.0 -> libraries-> ESP8266WiFi -> src

9. Depending on your board make adjustments and make sure the settings are correct e.g.

   • Flash size
   • Board type
   • Flash frequenz

Fluxion gets weekly updates with new features, improvements, and bugfixes. Be sure to check out the changelog.

This is how the original fluxion attack work. The esp8266 version works slightly different.

• Scan for a target wireless network.
• Launch the Handshake Snooper attack.
• Capture a handshake (necessary for password verification).
• Launch Captive Portal attack.
• Spawns a rogue (fake) AP, imitating the original access point.
• Spawns a DNS server, redirecting all requests to the attacker's host running the captive portal.
• Spawns a web server, serving the captive portal which prompts users for their WPA/WPA2 key.
• Spawns a jammer, deauthenticating all clients from original AP and luring them to the rogue AP.
• All authentication attempts at the captive portal are checked against the handshake file captured earlier.
• The attack will automatically terminate once a correct key has been submitted.
• The key will be logged and clients will be allowed to reconnect to the target access point.

This Methode requires not very much exept:

• esp8266 chip
• flash tool
• usb cable

Additional it require:

• Arduino IDE
• Esp8266 libary

For development I use a combination of vim, nvim and tmux. For everyone who is interested here are my dotfiles. They are really clean and I do all my best to improve these.

Thanks for all hard work to spacehuhn. He does really good work here and most of the source code is from him so defintly take a look at him.

• Authors do not own the logos under the /attacks/Captive Portal/sites/ directory. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research.
• The usage of Fluxion to attack infrastructure without prior mutual consent could be considered an illegal activity, and is highly discouraged by its authors and developers. It is the end users responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.

• deauth attack:
  https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack
• deauth frame:
  https://mrncciew.com/2014/10/11/802-11-mgmt-deauth-disassociation-frames/

Please report issues/bugs, feature requests and suggestions for improvements to the issue tracker.