justcallmekoko / ESP32Marauder

A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32

'Evil Portal' options inside Marauder apps flipper zero not working #402

Open datadotlog opened 11 months ago

datadotlog commented 11 months ago

This does not go ahead from "Setting HTML".

LuckyFishGeek commented 11 months ago

Same question.

markjsc commented 10 months ago

Happy New Year!

I think this one needs a bit more detail. I'll add my observations.

From the [ESP32] WiFi Marauder app (v0.6.6), I can't seem to get the HTML file or the ap.config.txt to be properly set when using the Start command. I get the following:

Could not find /ap.config.txt. Use stopscan...

or

Could not find Google_Realistic_V2.html. Use stopscan...

It works fine with sethtmlstr - which is executed from the Flipper app's "Load Evil Portal HTML file" command. But using "sethtml" or "start" (with the "-w" arg) never seems to find the file. This also happens for the ap.config.txt file.

My files are on my SD card at /app_data/marauder/. For example /app_data/marauder/ap.config.txt, or /app_data/marauder/html/Google_Realistic_V2.html.

Any advice on how to get the command to properly recognize the files?

I'm using Unleashed Firmware (0.67), Official Wifi Dev Board with Marauder v2.5 firmware. (Please let me know if you need any more details to troubleshoot.)

@justcallmekoko

markjsc commented 10 months ago

Replying to my own post. I was able to get things working as expected using Xtreme Firmware.

I used both the Evil Portal app, as well as the Evil Portal features included in the Marauder app (both under Apps/Wifi).

I was able to reproduce the issue when I created a custom script inside the Marauder app, so I'm still not able to set the path of the HTML file correctly (probably my own misunderstanding of how to structure the path).

My script is:

evilportal -c start -w Google_Realistic_V2.html

I've tried multiple ways to structure the path (/Google..., /html/Google...), but can't seem to understand what it's expecting. Each time, output shows that it can't find the HTML file.

Regardless, I'm glad I was able to work around it using a different firmware.

boobaloop commented 9 months ago

I was able to get this to work by switching my 64GB Kingston microSDXC SD card with a 16GB microSDHC SD card.

How big are your SDs? Just switch to a 16GB one.

markjsc commented 9 months ago

Oooo - that's a good suggestion! I didn't have any micro SD cards around when I ordered the Flipper Zero, so I ordered a multi-pack with 2x64GB. I realize now that it's WAY overkill!

I'll track down a smaller card and see if that fixes it for me.

Thanks for the suggestion!!

boobaloop commented 9 months ago

I am using a 16GB A-DATA microSDHC UHS-I class 10 and it now shows the AP working perfectly. I was able to test the capturing of credentials, and all I did was switch to this card from my 64GB one.

markjsc commented 9 months ago

Nice! I ordered a 16GB card yesterday (should arrive later this week). I'll post back once I verify the solution.

markjsc commented 9 months ago

Following up. The 16GB card didn't fix the issue with the Marauder app not being able to locate the ap.config.txt file.

I can get everything working as expected with the Evil Portal app, however.

Here's what I'm seeing:

I spent a bit of time trying to debug the Marauder app to determine why the paths were working this way. Sadly, I'm not quite familiar with how things work in C to have made any headway. (However, if you need anything debugged in C# or JavaScript, I'm your guy!)

So my workaround is pretty simple - use the Evil Portal app for Evil Portal, and use Marauder for everything else.

Since I'm using Xtreme firmware, I've customized the menu to include both apps as top-level items: [image]

LuckyFishGeek commented 9 months ago

Tested: esp32 s3 module does not work with this method.

trueVinton commented 3 months ago

Hi guys!

From the wiki,

The access point name can be set by the following priority list:

  1. The first SSID in the list of SSIDs
  2. The first instance of a "selected" AP in the list of APs
  3. From /ap.config.txt in the SD card attached to your ESP32

Step 3 is not currently working, but we can still use 1 or 2. It's easy to do method 2, which creates an evil twin of the existing network within your device range:

  1. scan for AP
  2. list AP and look for the desired ssid
  3. select AP from the list
  4. Click "Load Evil Portal HTML file" and select the file. It's using the path /apps_data/marauder/html
  5. Start evil portal

As a result, you are hosting the evil twin! POC screenshot: Flipper zero screenshot with a Marauder running Evil Portal, and credentials successfully captured.