Hello. In this article, we will look at an Evil Twin firmware for the ESP8266. Evil Twin is a hacking method: an access point imitating the victim's is created and the victim's real access point is disabled. When someone connects to the fake point, a password entry window pops up, and the victim's WiFi password is then captured.
ESP8266 module (e.g. NodeMCU or Wemos D1 Mini)
Micro USB cable
A computer with the Arduino IDE installed
Go to the official Arduino site and download the Arduino IDE for your operating system.
Install the program on your computer by following the instructions.
Open the Arduino IDE and go to File -> Settings.
In the “Additional Boards Manager URLs” field, add this URL: http://arduino.esp8266.com/stable/package_esp8266com_index.json. Click OK.
Next, go to Tools -> Boards -> Board Manager, search for “esp8266 by ESP8266 Community” and install it.
Open the DevilTwin repository on GitHub.
Download the entire code by clicking the “Code” button and selecting “Download ZIP”.
Unzip the archive on your computer.
Connect the ESP8266 to the computer using a micro USB cable.
In the Arduino IDE, open the DevilTwin.ino file you downloaded earlier.
Make sure the correct port and board are selected: go to Tools -> Board -> ESP8266 and select your board (e.g. NodeMCU 1.0 (ESP-12E Module)). Next, in Tools -> Port, select the port your ESP8266 is connected to.
Press the upload button (the right-arrow icon) and wait until the code is uploaded to the module.
Connect to the hotspot named “DevilTwin” with the password “12345678” from your phone/PC.
Select the desired target (the list of available access points is updated every 30 seconds – you need to reload the page).
Click the “Launch Evil-Twin” button and reconnect to the newly created access point with the same name as your target (it will be an open network).
After connecting, make sure you select “Use this network as is” (may vary on different devices).
Go to your browser and navigate to 192.168.4.1/admin.
After that, DO NOT change your target; just start/stop the deactivation and wait for someone to try to use the correct password.
Once the correct password is found, the access point will restart with the default SSID “DevilTwin” and the password “12345678”, and at the bottom of the table you should see something like “Password successfully obtained for – SSID – Password”.
ESP8266-based DevilTwin is a demonstration of the vulnerability of Wi-Fi networks to EvilTwin-type attacks, showing how important wireless network security is. The use of such technologies allows attackers to obtain passwords from Wi-Fi networks by imitating real access points. This highlights the need to take security measures, such as using strong passwords, up-to-date software and cyber security awareness.
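From the defender's side, the twin described above has a recognisable shape in a Wi-Fi scan: the same SSID as a protected network, but advertised as open. The following Python sketch is an added example, not part of the DevilTwin project; the record format, the `find_suspects` function, the optional BSSID allowlist and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scan results (SSID, BSSID, security); not captured data.
SAMPLE_SCAN = [
    {"ssid": "HomeNet", "bssid": "AA:BB:CC:00:00:01", "security": "WPA2"},
    {"ssid": "HomeNet", "bssid": "DE:AD:BE:00:00:02", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "AA:BB:CC:00:00:03", "security": "OPEN"},
    {"ssid": "Office", "bssid": "AA:BB:CC:00:00:04", "security": "WPA2"},
    {"ssid": "Office", "bssid": "AA:BB:CC:00:00:05", "security": "WPA2"},
    {"ssid": "DevilTwin", "bssid": "DE:AD:BE:00:00:06", "security": "WPA2"},
]

TOOL_DEFAULT_SSID = "DevilTwin"  # default management SSID named in the article


def find_suspects(scan, known_aps=None):
    """Return sorted (ssid, bssid, reason) findings for one scan snapshot.

    known_aps (hypothetical allowlist) maps an SSID to the set of BSSIDs
    the network owner actually operates.
    """
    known_aps = known_aps or {}
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings = set()
    for ssid, aps in by_ssid.items():
        protected = any(ap["security"] != "OPEN" for ap in aps)
        for ap in aps:
            bssid = ap["bssid"].upper()
            if ssid == TOOL_DEFAULT_SSID:
                findings.add((ssid, bssid, "tool default SSID"))
            # The twin described above is open while the real AP is protected.
            if protected and ap["security"] == "OPEN":
                findings.add((ssid, bssid, "open twin of protected SSID"))
            if ssid in known_aps and bssid not in known_aps[ssid]:
                findings.add((ssid, bssid, "BSSID not in allowlist"))
    return sorted(findings)


if __name__ == "__main__":
    office = {"Office": {"AA:BB:CC:00:00:04", "AA:BB:CC:00:00:05"}}
    for finding in find_suspects(SAMPLE_SCAN, office):
        print(finding)
```

The open/protected mismatch check works without any allowlist, so it is the signal to rely on when the legitimate BSSIDs are not known in advance.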
Disclaimer. This article is created for informational purposes only. All advice and instructions are provided for educational purposes and we are not responsible for any possible consequences related to the implementation of this project. Always use safety precautions when working with electronic components.