Sniffing Wi-Fi probe requests with NodeMCU and uploading them to PHP script

mwangi991 · December 23, 2020, 9:08am

Hi. I am trying to sniff Wi-Fi probe requests with a NodeMCU 1.0 (ESP-12E module) and then immediately upload the data (mac_address and RSSI) to a PHP script to store it in a MySQL database. The sequence would be: Detect probe request, fetch mac_address and RSSI, upload to PHP script, continue listening for more probe requests. I am working with code from: https://www.hackster.io/rayburne/esp8266-mini-sniff-f6b93a and https://www.hackster.io/kosme/esp8266-sniffer-9e4770. Below is what I currently have:

File below: MACSniff.io

// by Ray Burnette 20161013 compiled on Linux 16.3 using Arduino 1.6.12
//Hacked by Kosme 20170520 compiled on Ubuntu 14.04 using Arduino 1.6.11

#include <ESP8266WiFi.h>
#include "./functions.h"

#define disable 0
#define enable  1
unsigned int channel = 1;

void setup() {
  Serial.begin(57600);
  Serial.printf("\n\nSDK version:%s\n\r", system_get_sdk_version());

  wifi_set_opmode(STATION_MODE);            // Promiscuous works only with station mode
  wifi_set_channel(channel);
  wifi_promiscuous_enable(disable);
  wifi_set_promiscuous_rx_cb(promisc_cb);   // Set up promiscuous callback
  wifi_promiscuous_enable(enable);
}

void loop() {
  channel = 1;
  wifi_set_channel(channel);
  while (true) {
    nothing_new++;                          // Array is not finite, check bounds and adjust if required
    if (nothing_new > 100) {
      nothing_new = 0;
      channel++;
      if (channel == 15) break;             // Only scan channels 1 to 14
      wifi_set_channel(channel);
    }
    delay(1);  // critical processing timeslice for NONOS SDK! No delay(0) yield()
  }
}

File below: functions.h

// This-->tab == "functions.h"

// Expose Espressif SDK functionality
extern "C" {
#include "user_interface.h"
  typedef void (*freedom_outside_cb_t)(uint8 status);
  int  wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
  void wifi_unregister_send_pkt_freedom_cb(void);
  int  wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
}

#include <ESP8266WiFi.h>
#include <ESP8266HTTPClient.h>
#include "./structures.h"

#define MAX_APS_TRACKED 100
#define MAX_CLIENTS_TRACKED 200

#define HOST "example.com"          // Enter HOST URL without "http:// "  and "/" at the end of URL

#define WIFI_SSID "*******"            // WIFI SSID here                                   
#define WIFI_PASSWORD "********"

int aps_known_count = 0;                                  // Number of known APs
int nothing_new = 0;
int clients_known_count = 0;                              // Number of known CLIENTs

int val = 1;
int val2 = 99;

String sendval, sendval2, postData;


void wifi_upload()
{
  pinMode(LED_BUILTIN, OUTPUT);     // initialize built in led on the board
  WiFi.mode(WIFI_STA);
  WiFi.begin(WIFI_SSID, WIFI_PASSWORD);                                     //try to connect with wifi
  Serial.print("Connecting to ");
  Serial.print(WIFI_SSID);
  while (WiFi.status() != WL_CONNECTED)
  { Serial.print(".");
    delay(500);
  }

  Serial.println();
  Serial.print("Connected to ");
  Serial.println(WIFI_SSID);
  Serial.print("IP Address is : ");
  Serial.println(WiFi.localIP());    //print local IP address

  delay(30);
}

void promisc_cb(uint8_t *buf, uint16_t len)
{
  signed potencia;
  if (len == 12) {
    struct RxControl *sniffer = (struct RxControl*) buf;
    potencia = sniffer->rssi;
  } else if (len == 128) {
    struct sniffer_buf2 *sniffer = (struct sniffer_buf2*) buf;
    struct beaconinfo beacon = parse_beacon(sniffer->buf, 112, sniffer->rx_ctrl.rssi);
    potencia = sniffer->rx_ctrl.rssi;
  } else {
    struct sniffer_buf *sniffer = (struct sniffer_buf*) buf;
    potencia = sniffer->rx_ctrl.rssi;
  }

  // Position 12 in the array is where the packet type number is located
  // For info on the different packet type numbers check:
  // https://stackoverflow.com/questions/12407145/interpreting-frame-control-bytes-in-802-11-wireshark-trace
  // https://supportforums.cisco.com/document/52391/80211-frames-starter-guide-learn-wireless-sniffer-traces
  // https://ilovewifi.blogspot.mx/2012/07/80211-frame-types.html
  if ((buf[12] == 0x88) || (buf[12] == 0x40) || (buf[12] == 0x94) || (buf[12] == 0xa4) || (buf[12] == 0xb4) || (buf[12] == 0x08))
  {
    //Serial.printf("%02x\n",buf[12]);
    // if(buf[12]==0x40) Serial.printf("Disconnected: ");
    // if(buf[12]==0x08) Serial.printf("Data: ");
    // if(buf[12]==0x88) Serial.printf("QOS: ");
    // Origin MAC address starts at byte 22
    // Print MAC address

    // ANTHONY'S OPINION - store buf[22+i] to string variable then upload that string variable
    // ANTHONY'S OPINION - do the same for the other buf[x]
    for (int i = 0; i < 5; i++) {
      Serial.printf("%02x:", buf[22 + i]);
    }
    Serial.printf("%02x  ", buf[22 + 5]);
    // Signal strength is in byte 0
    Serial.printf("%i\n", int8_t(buf[0]));

    wifi_upload();

    HTTPClient http;    // http object of class HTTPClient


    // Convert integer variables to string
    sendval = String(buf[22 + 5]);
    sendval2 = String(buf[0]);


    postData = "sendval=" + sendval + "&sendval2=" + sendval2;

    // We can post values to PHP files as  example.com/dbwrite.php?name1=val1&name2=val2&name3=val3
    // Hence created variable postDAta and stored our variables in it in desired format
    // For more detials, refer:- https://www.tutorialspoint.com/php/php_get_post.htm

    // Update Host URL here:-

    http.begin("http://192.168.0.31/arduino_trial/dbwrite.php");              // Connect to host where MySQL databse is hosted
    http.addHeader("Content-Type", "application/x-www-form-urlencoded");            //Specify content-type header



    int httpCode = http.POST(postData);   // Send POST request to php file and store server response code in variable named httpCode
    Serial.println("Values are, sendval = " + sendval + " and sendval2 = " + sendval2 );


    // if connection eatablished then do this
    if (httpCode == 200) {
      Serial.println("Values uploaded successfully."); Serial.println(httpCode);
      String webpage = http.getString();    // Get html webpage output and store it in a string
      Serial.println(webpage + "\n");
    }

    // if failed to connect then return and restart

    else {
      Serial.println(httpCode);
      Serial.println("Failed to upload values. \n");
      http.end();
      return;
    }


    delay(1000);
    digitalWrite(LED_BUILTIN, LOW);
    delay(1000);
    digitalWrite(LED_BUILTIN, HIGH);


    // Enable this lines if you want to scan for a specific MAC address
    // Specify desired MAC address on line 10 of structures.h
    /*int same = 1;
      for(int i=0;i<6;i++)
      {
      if(buf[22+i]!=desired[i])
      {
        same=0;
        break;
      }
      }
      if(same)
      {

      }
      //different device
      else
      {

      }*/
  }
  //Different packet type numbers
  else
  {

  }
}

I uploaded the code successfully. However, the detection part worked but the uploading to PHP script part did not work. How do I fix this?

6v6gt · December 23, 2020, 9:55am

As a trouble shooting method, use HTTP GET instead of POST.

 int httpCode = http.POST(postData);   // Send POST request to php file and store server response code in variable named httpCode
    Serial.println("Values are, sendval = " + sendval + " and sendval2 = " + sendval2 );

The advantage is that you can test it by typing the URL in a browser search bar to test the back end.
Also look at the web server log files to see clues as to why it failed.

system · May 5, 2021, 7:23pm