Skip to content

ZeroTrace HID

WiFi SSID Spoofing

Set the device AP's SSID to blend in

Any SSID is valid. The default [DeviceName] ZT is intentionally distinctive; change it in the app's Settings to match the environment. (The AP itself underpins the TraceNetwork mesh, renaming it is purely for blending in.)

Common patterns

  • Match nearby phones, iPhone (15) or Samsung Galaxy S24 blend into a room of personal hotspots.
  • Match the target's infrastructure, Corp-Guest, Print-Server-3, Conference-AV.
  • Hidden SSID, set the SSID and enable Hidden to suppress beaconing entirely.

Caveats

  • WPA2 is preserved regardless of name, the AP still requires the configured password. SSID spoofing affects discoverability, not security.
  • Signal fingerprinting still gives you away. Nearby WiFi auditors that compare BSSID OUIs will see ESP32-S3 vendor data. SSID alone doesn't defeat WiFi forensics.
  • Captive portal mimicry, the device doesn't run a captive-portal stack out of the box. Pair with a custom payload if you need that surface.

Per-engagement workflow

Pre-engagement, walk the area with your phone's WiFi scanner. Pick an SSID that looks at-home and isn't already broadcasting in range (which would make the duplicate stand out). Set, deploy, verify with a fresh scan.

Command Palette

Search for a command to run...