Skip to content

A captive portal redirect to a phishing page using the ESP8266, highlighting the vulnerability of smartphones to prompt the user to "Sign In" to the captive portal.

License

Notifications You must be signed in to change notification settings

AbhinavM2000/captive-portal-phishing

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Description

Smartphones prompt the user with sign-in notifications in the vicinity of public WiFi networks. Once the user clicks on the notification, Android automatically redirects the user to the http page served by the router to login to the network. We use this specific feature of the OS to launch a phishing attack. A NodeMCUv3/ESP8266 is used in place of the router which hosts the phishing pages. I was able to successfully perform the attack on several older Android smartphones. It still does work with any smartphone, provided the user manually navigates to the router home IP or use any http website, which will be DNS redirected to the home IP. The low current draw and affordability of the NodeMCUv3/ESP8266 make it an easy choice for someone to exploit such vulnerabilities by deploying several of these disposable rogue access points at public places and later access the harvested credentials from a safe distance through a backdoor.

Usage

  • Edit the HTML in the .h files as necessary, able to include GIFs, images etc as base64.
  • Configure the .ino file, make sure HTML doesn't exceed memory limit.
  • Compile and upload the code to NodeMCUv3/ESP8266 using ArduinoIDE.

Disclaimer

The code provided in this repo is strictly for educational and demonstrational purposes only.

Credits

This is a modified version of the code based on the ESPortal project by Corey Harding www.legacysecuritygroup.com

About

A captive portal redirect to a phishing page using the ESP8266, highlighting the vulnerability of smartphones to prompt the user to "Sign In" to the captive portal.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published