WiFi Deauther: A Complete Guide to Setting Up and Testing Your Network Security

WiFi Deauther — is a wireless security testing tool that can disconnect devices from access points by simulating attacks like Deauthentication (deauthentication). Although it is often associated with "hacking," it is actually a legitimate tool for security auditing, if used on private networks or with the owner's permission. In this article, we'll look at how to build such a device using microcontrollers. ESP8266 or ESP32, set it up and run tests without breaking the law.

It's important to understand: deauthentication doesn't crack passwords or decrypt traffic. It simply forcibly disconnects the device from the router, forcing it to reconnect. This allows you to identify vulnerabilities in network security settings, such as weak passwords or a lack of protection against replay attacks. However, illegal use of such a tool may result in administrative or criminal liability in most countries.

If you're a network administrator or simply want to test your home Wi-Fi for attack resistance, this guide will help you understand the technical nuances. We'll cover both hardware (board and antenna selection) and software (firmware, setup, and running tests).

📊 What do you want to use WiFi Deauther for?
Testing your network
Educational objectives
Software development
Other

1. What is WiFi Deauther and how does it work?

The basis of the work WiFi Deauther lies in the exploitation of protocol features IEEE 802.11 (Wi-Fi standard). When a device connects to an access point, it goes through an authentication and association process. A deauthentication attack sends special packets. Deauthentication or Disassociation, which forcibly break this connection.

Why is this possible? Because in the Wi-Fi standard no verification of the authenticity of the source is provided such packets. This means anyone can send a deauthentication packet on behalf of the router or client device, and the connection will be terminated. This is a protocol vulnerability, not a specific router bug.

  • 🔍 Attack target: Check how the network responds to attempts to disconnect devices. If, after deauthentication, clients automatically reconnect without additional security measures (e.g., 802.11w), the network is vulnerable.
  • ⚠️ Restrictions: Deauthentication doesn't grant access to data—it only terminates the connection. To intercept traffic, other tools are needed (for example, Wireshark + aircrack-ng).
  • 🛠️ Legal use: Security audit, corporate network testing, training of cybersecurity specialists.

Important: modern routers support the standard 802.11w (protected networks with WPA3-Enterprise) are resistant to such attacks. If your router supports this protocol, enable it in the security settings.

2. Necessary equipment and software

For assembly WiFi Deauther you will need:

  • 📌 Microcontroller: ESP8266 (For example, NodeMCU or Wemos D1 Mini) or ESP32 (better with support) Wi-Fi 5 for operation in the 5 GHz range).
  • 🔋 Nutrition: USB cable or battery (eg. 18650 with a charging module). It is convenient to use for portability. Power Bank.
  • 📡 Antenna: The built-in antenna is suitable for testing in a small apartment. For greater range, you can connect an external antenna (for example, RP-SMA).
  • 💻 Software:
    • Arduino IDE or PlatformIO for firmware;
    • WiFi Deauther firmware from spacehuhn (the most popular option);
    • Drivers for your board (usually installed automatically when connected to a PC).

Cost of the set: from 300–500 rubles (if used) ESP8266 from AliExpress) up to 1500–2000 rubles (from ESP32 and an external antenna). Ready-made devices (for example, Pwnagotchi or WiFi Pineapple) will cost 10-50 times more, but their functionality is wider.

Component Model/example Price (2026) Notes
Microcontroller NodeMCU ESP8266 ~250 ₽ Suitable for basic testing in the 2.4 GHz band
Microcontroller ESP32-WROOM-32 ~500 ₽ Supports 5GHz, more memory
Antenna RP-SMA 2.4/5 GHz ~300 ₽ Increases range to 100-150 m in open space
Nutrition Power Bank 10000 mAh ~800 ₽ Autonomous operation up to 10-12 hours

If you plan to test networks in the range 5 GHz, be sure to take it ESP32ESP8266 It only operates on 2.4 GHz. Also, please note that for legal use, the device must be marked on its case (for example, with a sticker stating "For testing your own networks only").

Why can't you use Raspberry Pi?

The Raspberry Pi isn't suitable for deauthentication out of the box, as its Wi-Fi adapter doesn't support monitor mode without additional drivers. Furthermore, the Pi consumes significantly more power, making it less portable.

3. Flashing the microcontroller

The firmware process WiFi Deauther It consists of three steps: installing the Arduino IDE, uploading firmware, and configuring parameters. Let's look at each step in detail.

Step 1: Installing the Arduino IDE

Download the latest version Arduino IDE With official website and install it. Then add support ESP8266/ESP32:

  1. Open File → Settings.
  2. In the field Additional links for the board manager add:
    https://arduino.esp8266.com/stable/package_esp8266com_index.json
    

    https://raw.githubusercontent.com/espressif/arduino-esp32/gh-pages/package_esp32_index.json

  3. Go to Tools → Board → Board Manager, find esp8266 And esp32, install them.

Step 2: Download the firmware

Download the firmware WiFi Deauther from GitHub:

git clone https://github.com/spacehuhn/esp8266_deauther.git

Open the file esp8266_deauther.ino in the Arduino IDE. Select your board in Tools → Board (For example, NodeMCU 1.0 For ESP8266). Connect the board to the PC via USB and upload the sketch.

Step 3: Setup

After flashing:

  1. Open Port Monitor in the Arduino IDE (Tools → Port Monitor).
  2. Set the speed 115200 baud.
  3. Follow the on-screen instructions to connect to the device's access point (usually SSID: pwned, password: deauther).

If the firmware was successful, you will see the device's web interface at the address 192.168.4.1Here you can configure network scanning, attack launches, and other settings.

☑️ Preparing for firmware

Completed: 0 / 5

4. Setting up and running deauthentication

Once the firmware is installed, the device is ready for use. Let's take a look at the main functions of the web interface. WiFi Deauther:

  • 🔍 Network scan: shows all available access points and devices connected to them. Here you can see BSSID (MAC address of the router), channel, signal strength and encryption type.
  • 🎯 Attacks:
    • Deauth — disconnects selected devices from the network;
    • Beacon Spam — clutters the airwaves with false networks (may disrupt the operation of nearby devices!);
    • Probe Request — simulates the search for networks by devices.
  • ⚙️ Settings: selection of channel, transmission power, timeouts between packets.

Example of running deauthentication:

  1. In the section Scan Select the target network (for example, your router).
  2. Click Select next to the desired device (or select All for all network clients).
  3. Go to the section Attack, select Deauth and specify the number of packages (for example, 10 for the test).
  4. Click Start.

If the attack is successful, the target device (e.g., a smartphone) will lose its Wi-Fi connection and attempt to reconnect. You'll see the packets sent in the web interface logs:

[DEAUTH] Sent 10 packets to AA:BB:CC:DD:EE:FF (Client)

5. Legal uses

Usage WiFi Deauther is regulated by laws on cybersecurity and invasion of privacy. In most countries (including Russia, the US, and the EU) Unauthorized deauthentication of other people's networks is considered hacking. and is punishable by fines or imprisonment. However, there are legal options:

  • 🏠 Home Network Testing: Check your router's resistance to attacks. For example, if devices can't reconnect after deauthentication, it might be worth updating the router's firmware.
  • 🎓 Educational objectives: demonstration of Wi-Fi vulnerabilities in educational institutions (with permission of the administration).
  • 🛡️ Security Audit: Companies hire specialists to perform penetration testing of corporate networks (penetration testing).

To avoid legal problems:

⚠️ Attention: Always obtain written permission from the network owner before testing. Even if you're testing a neighbor's network "for fun," it could be considered a violation. Federal Law No. 149 "On Information" (Article 272 of the Criminal Code of the Russian Federation - unauthorized access to computer information).

If you're a network administrator, document all tests: date, time, purpose, and results. This will help avoid misunderstandings during testing.

6. How to protect your network from deauthentication

If your network is vulnerable to attacks WiFi Deauther, here are the ways to protect yourself:

  • 🔒 Turn on 802.11w (PMF): This standard protects against deauthentication. Look for the option in your router settings. Protected Management Frames and activate it. Supported by most modern routers (ASUS, TP-Link, MikroTik).
  • 🔄 Update your router firmware: Manufacturers regularly patch vulnerabilities. Check the current version in the router's web interface (section System → Firmware).
  • 📶 Use a hidden network (SSID Hiding): This doesn't protect against deauthentication, but it makes it harder for scanners to detect your network. It can be enabled in the settings. Wireless → Basic Settings (option Hide SSID).
  • 🛡️ Set up MAC filtering: Allow connections only to known devices. The downside is that this doesn't protect against MAC address spoofing.

Additional measures:

  • Install intrusion detection system (IDS, For example, Snort or Suricata), which will alert you to suspicious deauthentication packets.
  • Set up guest network For low-trust devices (smart light bulbs, IoT gadgets). The main network will remain secure.

Check support 802.11w on your devices:

Device 802.11w support Notes
Routers ASUS RT-AX88U Yes Included in Wireless → Professional
Routers TP-Link Archer C7 No Firmware required OpenWRT
Smartphones iPhone (iOS 15+) Yes Automatically connects to networks with PMF
Laptops with Windows 11 Yes Latest Wi-Fi drivers required

7. Alternative Wi-Fi Testing Tools

If WiFi Deauther seems too limited, there are more professional tools for security auditing:

  • 🖥️ Aircrack-ng: A set of Linux utilities that allows you to intercept packets, crack WEP/WPA encryption, and deauthenticate. Works with adapters that support monitor mode (For example, Alfa AWUS036ACH).
  • 🍍 WiFi Pineapple: a professional network testing device (price from 20,000 ₽). Supports complex attacks, including Evil Twin And Karma.
  • 🐧 Kali Linux: a Linux distribution with pre-installed pentesting tools (Wireshark, Reaver, Wifite). Suitable for deep network analysis.
  • 🤖 Pwnagotchi: portable device based on Raspberry Pi, which automatically scans networks and intercepts handshakes (handshake). Popular among enthusiasts.

Comparison of tools:

Tool Complexity Price Main functions
WiFi Deauther (ESP8266) Low 300–1000 ₽ Deauthentication, scanning, beacon spam
Aircrack-ng Average For free Packet sniffing, WPA cracking, deauthentication
WiFi Pineapple High 20 000+ ₽ Phishing, Evil Twin, automated attacks
Pwnagotchi Average 5000–10 000 ₽ Automatic handshake collection, deauthentication

For beginners WiFi Deauther — the optimal choice due to its low price and simplicity. For professional auditing, it is better to use Aircrack-ng or WiFi Pineapple.

8. Common mistakes and their solutions

When working with WiFi Deauther Users encounter typical problems. Let's look at the most common ones:

  • The device does not turn on:
    • Check the power connection (USB cable, battery).
    • Make sure the drivers for the board are installed (in Device Manager There should be no exclamation marks next to the COM port).
  • Unable to connect to access point pwned:
    • Check that the firmware is loaded correctly (in Port Monitor there should be no errors).
    • Reboot the board (power off and on).
    • Try connecting from another device (sometimes smartphones do not see the access point due to OS limitations).
  • The attack doesn't work:
    • Make sure the target network and device are within range (check the signal strength in Scan).
    • Try changing the channel in your device settings (some routers automatically switch channels).
    • If you are attacking a 5GHz network, use ESP32ESP8266 Works only on 2.4 GHz.

If your device stops responding:

⚠️ Attention: In case of incorrect firmware ESP8266/ESP32 may become bricked. To restore it, hold down the button BOOT (or FLASH) when connected to USB and try flashing the firmware again. If this doesn't help, use the utility esptool To completely erase memory:

esptool.py erase_flash

Another common problem is board overheatingIf the device is running for more than 30–40 minutes, it may start to malfunction. Solution: Use passive cooling (a heatsink) or take breaks from use.

How to check if deauthentication works?

Run on a laptop Wireshark in monitoring mode (monitor mode) and filter packages by type DeauthenticationIf you see packets from your device, an attack is underway.

FAQ: Frequently Asked Questions

❓ Can WiFi Deauther be used to crack passwords?

No, WiFi Deauther It only breaks connections, but does not crack passwords. To intercept a handshake (handshake) and subsequent brute force is needed Aircrack-ng or HashcatHowever, even in this case, modern networks with WPA3 resistant to such attacks.

❓ Is it legal to test networks in public places (cafes, airports)?

No, testing other people's networks without the owner's explicit permission illegallyThe exception is if you're a network administrator (for example, testing the Wi-Fi at your cafe). In public places, such actions could be considered a cyberattack.

❓ How to increase the range of WiFi Deauther?

To increase the range:

  • Use ESP32 instead of ESP8266 (best receiver sensitivity).
  • Connect an external antenna with amplification (for example, 9 dBi).
  • Change the firmware to ESP32 Deauther with support high power mode.
  • Place the device closer to the target network (for example, on a windowsill).

❓ Is it possible to detect if I'm being attacked by WiFi Deauther?

Yes, signs of an attack:

  • Devices constantly lose connection to Wi-Fi.
  • Messages about multiple connection breaks appear in the router logs.
  • Programs like Wireshark or Acrylic Wi-Fi show suspicious packages Deauthentication.

For protection, turn on 802.11w or use IDS (For example, Snort).

❓ Where can I buy a ready-made WiFi Deauther device?

Ready-made devices are sold on AliExpress (search by request ESP8266 Deauther), but their quality often leaves much to be desired. It's better to assemble the device yourself—it's cheaper and more reliable. An alternative is WiFi Pineapple or Pwnagotchi, but their price starts from 5000 ₽.