In the last episode, we captured and cracked Wi-Fi PMKIDs using Flipper Zero and ESP32 Marauder. It was all about collecting handshakes and decrypting them offline.

This time, we’re flipping the script. What if there was no handshake to crack? What if people just gave you their passwords directly?

You’re sitting at your favorite café or killing time at an airport. You pull out your phone or laptop, and bam! There it is:

• Free_WiFi_Airport or Café_WiFi_Guest

No password. Super convenient. You connect, a splash page appears asking for some login info, maybe an email or a “terms and conditions” checkbox. You click through without thinking twice.

Now imagine that entire setup was fake, and you just gave your credentials to someone sitting two tables away with a Flipper Zero.

Welcome to the world of Evil Portals.

An Evil Portal is a fake login page that pops up when someone connects to a rogue Wi-Fi network. It looks legit like what you’d see at an airport or coffee shop. But it’s completely controlled by an attacker.

Once someone enters their credentials, those details get saved and can be used later. Some setups go further and inject malware or harvest session cookies.

• Plug in your 3-in-1 board and power on your Flipper Zero.

• Select ESP32 on the board and press the switch to activate it.

• Go to Go to Apps, then GPIO, then ESP

• Choose [ESP32] Evil Portal

• Select Set AP name and name the AP you want devices to see in their Wi-Fi list.

• Scroll down to Select HTML and select your HTML file

• If you’re looking for ready-made HTML files to use as portal templates, you can check out this repo: https://github.com/bigbrodude6119/flipper-zero-evil-portal/tree/main/portals
• Move the HTML files into apps_data > evil_portal > html on your SD card.

• Start the Portal. Nearby devices will see a fake open Wi-Fi network. When they connect, they’ll be shown the selected login page. Whatever they type will be logged.

Evil Portals are a simple but powerful demonstration of how easy it is to exploit trust in public networks. Unlike handshake attacks that require cracking, this method relies entirely on human behavior and most people won’t think twice about entering their credentials on a convincing-looking page.

Don’t forget: this is strictly for educational purposes. Use it only in your own lab, never on unsuspecting users. Stay ethical.

See you in the next episode.

Stay vigilant, stay informed, and stay secure!

Thank You for Reading!

Your interest and attention are greatly appreciated.