WiFi sniffing with Pi Zero (W) and ESP8266 pHAT
Whereas the ESP8266 has received a lot of interest in the IoT community as a standalone unit, I did not find much in terms of projects using the ESP8266 pHAT in conjunction with the Raspberry Pi. I thus decided to try to implement a WiFi sniffer that uses the promiscuous mode of the ESP8266 to identify WiFi beacons/clients and presents the results in a web interface running on the Pi.
My starting point on the ESP8266 side of the project was the ESP8266 Mini Sniff project by Ray Burnette. Besides code cleanup and simplification, my main change was to make it output the sniffed beacons and clients in JSON format instead of visualizing them in ASCII.
The next step was to make a Python wrapper for communicating with the ESP8266 pHAT to retrieve JSON data and enrich it. Python communicates with the ESP8266 via serial to request and retrieve the data and via GPIO to reset it. Once the JSON data has been retrieved, the wrapper enriches the data by adding access point SSID and channel information to the clients and by adding MAC-based manufacturer information from the Wireshark manufacturer database.
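The enrichment step described above, as an added example rather than the project's own code: the JSON field names (`beacons`, `clients`, `bssid`, `mac`, `ssid`, `channel`) and the manuf entries are assumptions constructed for illustration. It goes slightly beyond the text by matching the longer /28 and /36 prefixes the Wireshark file also contains and by flagging locally administered (often randomized) client MACs, which cannot be resolved to a manufacturer.

```python
import json

# Constructed data: manuf layout is prefix<TAB>short name<TAB>long name.
MANUF_SAMPLE = """\
# comment lines are skipped
10:20:30\tAcmeNet\tAcme Networks (made-up entry)
10:20:30:40:00:00/28\tAcmeSub\tAcme Subsidiary (made-up entry)
"""
# Constructed sniffer output; the field names are assumptions.
SAMPLE_JSON = """{"beacons": [{"bssid": "10:20:30:50:00:01", "ssid": "home-net", "channel": 6}],
 "clients": [{"mac": "10:20:30:4f:01:02", "bssid": "10:20:30:50:00:01"},
             {"mac": "da:a1:19:00:00:01", "bssid": "ff:ff:ff:ff:ff:ff"}]}"""

def parse_manuf(text):
    """Map (prefix_bits, prefix_value) -> short vendor name."""
    table = {}
    for line in text.splitlines():
        fields = line.strip().split("\t")
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        prefix, _, mask = fields[0].partition("/")
        octets = prefix.split(":")
        bits = int(mask) if mask else 8 * len(octets)
        table[(bits, int("".join(octets), 16) >> (8 * len(octets) - bits))] = fields[1]
    return table

def vendor(mac, table):
    """Longest-prefix vendor lookup; randomized MACs carry no vendor OUI."""
    octets = mac.split(":")
    if int(octets[0], 16) & 0x02:  # locally administered bit set
        return "locally administered (possibly randomized)"
    value = int("".join(octets), 16)
    for bits in (36, 28, 24):
        name = table.get((bits, value >> (48 - bits)))
        if name:
            return name
    return "unknown"

def enrich(json_text, table):
    """Add SSID/channel of the associated AP and vendor names to the report."""
    report = json.loads(json_text)
    aps = {b["bssid"]: b for b in report["beacons"]}
    for b in report["beacons"]:
        b["manufacturer"] = vendor(b["bssid"], table)
    for c in report["clients"]:
        ap = aps.get(c["bssid"], {})
        c["ssid"], c["channel"] = ap.get("ssid"), ap.get("channel")
        c["manufacturer"] = vendor(c["mac"], table)
    return report

if __name__ == "__main__":
    print(json.dumps(enrich(SAMPLE_JSON, parse_manuf(MANUF_SAMPLE)), indent=2))
```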
With that in place, I coded a Flask web server that uses the Python wrapper to obtain sniffed WiFi beacons and clients and presents these in tables in separate tabs using Bootstrap and sortable.js. A screenshot of the client tab is shown below (cropped to only show my own devices).
Finally, the obligatory photo of the physical device: a Raspberry Pi Zero W + ESP8266 pHAT, mounted with hammer headers:
MIT-licensed project available on GitHub: https://github.com/larsjuhljensen/phatsniffer