Wifi-Audit | Midterm Project | JH5363

Okay so my project ended up working decently well. The idea was to make a wifi-auditing device which ran dictionary attacks on nearby wifi networks and sent the discovered data over my phone’s hotspot to a web server that displayed the data.

Site Link: https://wifi-audit.glitch.me/

GitHub Repository: https://github.com/boatshaman/wifi-audit_pind

Equipment:

  • 1 x Feather HUZZAH ESP8266 microcontroller
  • 3 x LEDs
  • 3 x 220 ohm resistors
  • 1 x button
  • 1 x 10k ohm resistor
  • smartphone to provide wifi hotspot

Process:

First I created the dictionary attack program to attempt to connect to nearby wifi networks. This used a list of the “100 most common wifi passwords” and attempts to connect to the nearby wifi SSIDs with the passwords one by one; if it is successful, it sends the SSID and password up to the web server I made on glitch.com.

The difficult part of this was getting the geolocation of the device and associating that with the cracked wifi SSID/passwords. For this I used this really awesome free API called Skyhook Precision Location (link). Basically, if you make an account (to get an API key) and send up a POST request with XML data containing the SSIDs (network names), BSSIDs (MAC addresses), and RSSIs (signal strengths) of all nearby wifi networks, it will send back a response with the latitude and longitude of your position. You can also specify to receive the street address if available, which is really awesome!

All I did was gather all the wifi data from the ESP8266, send it up to my web server hosted on glitch.com, have the web server turn the data into XML and POST that to the API service, and receive the response. It would parse the XML response and turn it into a JavaScript object by using this great library!

If for some reason there is an error in the Skyhook API or in parsing the XML or whatever else could possibly happen, a page can be queried at /success and it will contain either a 0 or a 1 depending on whether the site correctly received the coordinates. After sending the wifi information up to the server, the wifi-audit device queries this webpage (wifi-audit.glitch.me/success) and if the site sends back a 0 then the wifi-audit device knows to resend the wifi data to the server, starting the whole locating process again. It does this until the server correctly identifies the location. Once the location is correctly received by the server, any subsequent wifi SSID:pass pairs that are sent up are attributed to that latest reported geolocation.

When the wifi-auditing device is plugged in, all one needs to do is press the big blue button and the magic begins. First the wifi-auditor will send up the geolocation to the server. Then it will get all the nearby wifi networks which it could possibly connect to (meaning no WPA2 Enterprise networks) and attempt to connect to each one by one. If the WAP sends back a disconnected signal (meaning the password was wrong) then it moves on to the next one, saving time! Otherwise it waits 8 seconds before moving on. If it finds one that works then the wifi-auditor connects to my smartphone's wifi hotspot and sends the data (reliably and legally) to my server!
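Seen from the access point, the behaviour above is a single client MAC associating over and over without ever completing the WPA 4-way handshake. As an added defender's example (not code from this project), here is a small detector for that pattern run over constructed hostapd-style log lines; the exact line layout is an assumption, so adjust the regex to whatever your logger actually writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed hostapd-style syslog excerpt written for this example (not a real capture).
# Assumed line layout: "<timestamp> hostapd: <iface>: STA <mac> <message>".
SAMPLE_LOG = """\
2024-03-01T05:00:01 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: associated
2024-03-01T05:00:03 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: disassociated
2024-03-01T05:00:04 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: associated
2024-03-01T05:00:06 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: disassociated
2024-03-01T05:00:07 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: associated
2024-03-01T05:00:15 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: associated
2024-03-01T05:00:17 hostapd: wlan0: STA 02:11:22:33:44:55 IEEE 802.11: deauthenticated
2024-03-01T05:00:20 hostapd: wlan0: STA aa:bb:cc:dd:ee:01 IEEE 802.11: associated
2024-03-01T05:00:21 hostapd: wlan0: STA aa:bb:cc:dd:ee:01 WPA: pairwise key handshake completed (RSN)
"""

LINE_RE = re.compile(r"^(\S+) hostapd: \S+: STA ([0-9a-f:]{17}) (.*)$", re.M)

def failed_joins(log_text):
    """Per client MAC, the times of associations that never reached a completed 4-way handshake."""
    pending = {}                  # mac -> time of an association still waiting for its handshake
    failures = defaultdict(list)  # mac -> [times of failed join attempts]
    for m in LINE_RE.finditer(log_text):
        ts, mac, msg = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if msg.endswith(": associated"):
            if mac in pending:            # re-associating before finishing = previous try failed
                failures[mac].append(pending[mac])
            pending[mac] = ts
        elif "handshake completed" in msg:
            pending.pop(mac, None)        # a real join: nothing to count
        elif "disassociated" in msg or "deauthenticated" in msg:
            if mac in pending:
                failures[mac].append(pending.pop(mac))
    return failures

def flag_guessing_clients(log_text, threshold=3, window_s=60):
    """Return {mac: count} for clients whose failed joins hit `threshold` within `window_s` seconds."""
    flagged = {}
    for mac, times in failed_joins(log_text).items():
        times.sort()
        best, start = 0, 0
        for end, t in enumerate(times):            # sliding window over sorted failure times
            while t - times[start] > timedelta(seconds=window_s):
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[mac] = best
    return flagged
```

On the sample above the guessing client is flagged with 4 failed joins while the legitimate client, whose handshake completed, is not counted at all.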

The website's home page displays the last seen coordinates and then the list page displays all the discovered SSID:password pairs for every location tested. Each location also has a link to a Google Maps pin of the GPS coordinates as well, so it's easy to visualize where it was found. Here are some blank passwords it found:

Here it is cracking wifis on the street at 5 am!!:

Huzzah!