How to Use Every Tool for the ESP32 Marauder

How to Use Every Tool for the ESP32 Marauder

WiFi Marauder Instruction Manual

 

Intro

Welcome to the WiFi Marauder Instruction Manual. This guide is designed to help you navigate and utilize the powerful features of your WiFi Marauder device. Whether you are a cybersecurity enthusiast, a network administrator, or simply someone interested in exploring the capabilities of WiFi and Bluetooth technologies, this manual will provide you with detailed instructions on how to perform various attacks and sniffing operations.

The WiFi Marauder is equipped with a range of tools for WiFi and Bluetooth hacking, including deauthentication attacks, beacon spamming, probe request flooding, and more. Additionally, it offers advanced sniffing capabilities to capture and analyze network traffic. With its user-friendly interface and comprehensive feature set, the WiFi Marauder is your go-to device for wireless security testing and research.

This manual is divided into several sections, each focusing on different functionalities of the WiFi Marauder. From performing deauthentication attacks to setting up evil portals, and from Bluetooth sniffing to detecting card skimmers, we cover it all. Follow the step-by-step instructions to make the most out of your device.

WiFi Attacks

Deauth Flood

A deauthentication flood is a wireless attack that forges fake deauthentication packets to drop clients from a targeted access point. This can disrupt the network connection of clients on that network.

  • Wi-Fi > Sniffers > Scan APs
  • Wait for the target SSID to show and end the scan
  • Wi-Fi > General > Select APs
  • Select the target APs you would like to deauthenticate
  • Wi-Fi > Attacks > Deauth Flood
  • It could take a while to start kicking devices as you are trying to kick every device on that wireless network. For a more targeted attack, let's look at Deauth Targeted

Deauth Targeted

A deauthentication targeted attack is the same as the flood but targeting specific clients. You would use this to focus the attack on a certain device connected to the network.

  • Wi-Fi > Sniffers > Scan Stations
  • Wait for target Mac address to show up
  • Wi-Fi > General > Select Stations
  • Select the target stations (MAC addresses) you would like to deauthenticate
  • Wi-Fi > Attacks > Deauth Targeted
  • It should take less time now that your device is focusing on a selected few targets

Beacon Spam List

This spams Wi-Fi SSIDs from a generated list in the device. It will not work unless you generate the list.

  • Wi-Fi > General > Generate SSIDs
  • Wi-Fi > Attacks > Beacon Spam List

Beacon Spam Random

Works just like the Beacon spam list but does not need a generated list of SSIDs. They will be completely random.

  • Wi-Fi > Attacks > Beacon Spam Random

Rick Roll Beacon

Spams the lyrics as SSIDs lol.

Probe Request Flood

It broadcasts a lot of probe requests with random SSIDs. This can be used to confuse probe request sniffers, like the Marauder or WiFi Pineapple..

AP Clone Spam

Clones an AP causing confusion for someone trying to locate the legit network.

  • Wi-Fi > Sniffers > Scan APs
  • Wait for the target SSID to show and end the scan
  • Wi-Fi > General > Select APs
  • Select the target APs you would like to clone
  • Wi-Fi > Attacks > AP Clone Spam

Evil Portal

The evilportal spawns an access point and hosts a webserver. The webserver serves a web page with username and password forms. Once a client connects to the access points and attempts to access any web page, they will be redirected to the web page served by Marauder. Any credentials they enter in the username and password fields will be displayed in Serial, Screen, and logs.

In order to run evilportal, the user will be required to provide two configurations:

  • Access Point Name (can be provided by SSID list, AP list, or SD file)
  • index.html (can only be provided by SD file)

The access point name can be set by the following priority list:

  • The first SSID in the list of SSIDs
  • The first instance of a "selected" AP in the list of APs
  • From /ap.config.txt in the SD card attached to your ESP32

Using SSIDs:

  • You can create a list of SSIDs using ssid, Add SSID, or Generate SSIDs

Using APs from Scanned List:

  • You can get a list of access points using Scan APs. This option will essentially clone a pre-scanned access point and use it for EvilPortal.

index.html:

  • For the time being, index.html can only be provided via /index.html on the root of your SD card.
  • You can find many different HTML files in bigbrodude6119's EvilPortal Github repo. Once you have chosen your HTML file, rename it to index.html and place it in the root of your ESP32 SD card. If you wish to store multiple HTML files on your SD card, you can use the sethtml subcommand of evilportal to select a specific HTML file before starting the attack or when starting the attack.

Bluetooth Attacks

Sour Apple

Takes advantage of a vulnerability in iOS17 and will spam popups on nearby apple devices until the device crashes. Takes minutes to recover usually.

Swiftpair Spam

Swiftpair Spam is a vulnerability that uses Bluetooth Low Energy (BLE) to create Swiftpair traffic from randomly generated MAC addresses. This can cause Swiftpair-enabled devices, like Windows PCs, to receive repeated notifications for BLE device pairing. The attack can create over 1,000 notifications in a minute.

Samsung BLE Spam

Works a lot like sour apple but doesn’t crash the phone, just spams pair notifications on Samsung devices.

Google BLE Spam

Works a lot like sour apple but doesn’t crash the phone, just spams pair notifications on Google devices (i.e., Pixel).

BLE Spam All

Throws the kitchen sink at everything around you.

WiFi Sniffers

Probe Request Sniff

A probe request sniff captures probe request frames from nearby devices looking for available WiFi networks. This can help identify devices in the vicinity and the networks they are searching for.

  • Navigate to Wi-Fi > Sniffers > Probe Request Sniff.
  • The device will start capturing probe requests from nearby devices.
  • Analyze the captured data to identify devices and their preferred networks.

Beacon Sniff

A beacon sniff captures beacon frames from nearby access points. This can help you discover available networks and gather information about their configurations.

  • Navigate to Wi-Fi > Sniffers > Beacon Sniff.
  • The device will start capturing beacon frames from nearby access points.
  • Review the captured data to see details about the available WiFi networks.

Deauth Sniff

A deauth sniff captures deauthentication frames on the network. This can help you detect deauthentication attacks targeting your network.

  • Navigate to Wi-Fi > Sniffers > Deauth Sniff.
  • The device will start capturing deauthentication frames.
  • Monitor the captured data for any suspicious deauth packets.

Detect Pwnagotchi

Detect Pwnagotchi is used to identify Pwnagotchi devices in the vicinity. Pwnagotchi is a device used for automated WiFi hacking.

  • Navigate to Wi-Fi > Sniffers > Detect Pwnagotchi.
  • The device will scan for Pwnagotchi devices.
  • If detected, the Pwnagotchi devices will be listed.

EAPOL/PMKID Scan

EAPOL/PMKID scans are used to capture EAPOL (Extensible Authentication Protocol over LAN) and PMKID (Pairwise Master Key Identifier) frames, which are useful for attempting WPA/WPA2 handshake captures.

  • Navigate to Wi-Fi > Sniffers > EAPOL/PMKID Scan.
  • The device will start capturing EAPOL and PMKID frames.
  • Analyze the captured data for potential handshake captures.

Packet Monitor

Packet Monitor captures and displays all WiFi packets in real-time, providing a comprehensive view of the network traffic.

  • Navigate to Wi-Fi > Sniffers > Packet Monitor.
  • The device will start capturing all WiFi packets.
  • Monitor the captured packets for detailed network analysis.

Scan APs

Scan APs is used to discover and list available access points in the vicinity.

  • Navigate to Wi-Fi > Sniffers > Scan APs.
  • The device will scan for available access points.
  • Review the list of detected access points for further actions.

Raw Capture

Raw Capture allows for capturing all raw WiFi frames without any filtering or processing.

  • Navigate to Wi-Fi > Sniffers > Raw Capture.
  • The device will start capturing all raw WiFi frames.
  • Analyze the raw data using external tools or software.

Station Sniff

Station Sniff captures data from client devices (stations) connected to access points.

  • Navigate to Wi-Fi > Sniffers > Station Sniff.
  • The device will start capturing data from client devices.
  • Review the captured data to identify connected devices and their activities.

Signal Monitor

Signal Monitor provides real-time monitoring of the signal strength of nearby WiFi networks.

  • Navigate to Wi-Fi > Sniffers > Signal Monitor.
  • The device will start monitoring the signal strength of nearby networks.
  • Use the signal strength data to determine the proximity and quality of the networks.

Bluetooth Sniffers

Bluetooth Sniffer

The Bluetooth sniffer captures Bluetooth packets in the vicinity. This helps in identifying Bluetooth devices and analyzing their communication.

  • Navigate to Bluetooth Sniffers > Bluetooth Sniffer.
  • The device will start capturing Bluetooth packets from nearby devices.
  • Analyze the captured data to identify Bluetooth devices and their communication patterns.

Detect Card Skimmers

This function is used to detect Bluetooth card skimmers, which are often used in fraudulent activities to steal card information.

  • Navigate to Bluetooth Sniffers > Detect Card Skimmers.
  • The device will scan for Bluetooth devices that match the signature of known card skimmers.
  • If a potential card skimmer is detected, it will be listed.

 

Settings

ForcePMKID Send deauthentication frames when access points are detected during sniffpmkid
ForceProbe Send deauthentication frames when access points are detected during sniffprobe
SavePCAP Save captured WiFi data to PCAP files on an attached SD card. You can analyze in wireshark or another packet capture software
EnableLED Enable/Disable the status indicator LED included on specific hardware

Outro

I hope this manual has made it easy for you to explore the potential of your device.

- Hedge

Buy Marauder Here

Back to blog