This project is for testing and educational purposes. Use it only against your own networks and devices. I don't take any responsibility for what you do with this program.
WiFi captive portal for the NodeMCU (ESP8266 Module) with DNS spoofing.
This project can steal any Wi-Fi passwords in simple way. It uses a fake update page
to get the password from the user. You just need to edit the Wi-Fi SSID name and the password will be posted to the ESP8266.
The built-in LED will blink 5 times when a password is posted.
Warning! Your saved passwords will not disappear when you restart/power off the ESP8266.
Note: If you want to see the stored passwords go to "192.168.4.1/pass". For changing the SSID, go to "192.168.4.1/ssid"
This is the main page. Here the user will write his password and send it.
This is the post page. The user will be redirected here after posting the password.
This is where the attacker can retrieve all the passwords that has been posted.
Here the attacker can change the SSID name of the Access Point on the go.
-
Download ESP8266 Flasher.
-
Download the NodeMCU-Captive-Portal.ino.bin file.
-
Open the ESP8266 Flasher and select the Node MCU port
- Then, go to the config tab and select the .bin file you've just downloaded.
-
Finally, go back to the first tab and press "Flash"
-
Your Node MCU is ready!
-
Open your Arduino IDE and go to "File -> Preferences -> Boards Manager URLs" and paste the following link:
http://arduino.esp8266.com/stable/package_esp8266com_index.json
-
Go to "Tools -> Board -> Boards Manager", search "esp8266" and install esp8266
-
Go to "Tools -> Board" and select your board
-
Download and open the sketch "NodeMCU-Captive-Portal.ino"
-
You can optionally change some parameters like the SSID name and texts of the page like title, subtitle, text body etc.
-
Upload the code into your board.
-
You are done!