Flipper Zero WiFi Board - how to add WiFi to Flipper?
You have a Flipper Zero, you're playing with SubGHz, RFID, NFC, and suddenly it hits you that this gadget can't do anything with WiFi. No network scanning, no recon, no attack detection. The Flipper itself is blind to the 2.4 GHz band.
The solution is a WiFi board, an expansion board featuring an ESP32 module that, when connected to the Flipper's GPIO, opens up an entirely new attack vector. In this article, we'll show you exactly what you gain, what your options are, and why it's a game-changer.
What is a WiFi Board for Flipper Zero?
A WiFi board is a development board with an ESP32 module that plugs into the Flipper Zero via GPIO (the pins on top of the device) and communicates with it via UART (serial port, 115200 baud).
The ESP32 handles everything related to WiFi: scanning networks, capturing packets, and sniffing for deauthentication frames. The Flipper Zero acts as the interface - displaying data on the screen and allowing you to navigate between views using its buttons.
This approach makes perfect sense from an architectural perspective: the Flipper Zero lacks a built-in 2.4 GHz WiFi radio, but it features GPIO pins and the ability to run custom .fap apps. Just plug in the right board, and suddenly you have a pocket-sized WiFi recon tool.
What can you do with a WiFi board?
WiFi Network Scanning (Recon)
The basic and most frequently used function. The WiFi board scans channels 1-14 in the 2.4 GHz band and displays:
- Access point (AP) list - network names, channels, signal strength (RSSI), MAC addresses (BSSID)
- Channel activity spectrum - a visualization of which channels are the most congested
- Clients connected to networks - devices (phones, laptops, IoT) visible on a selected channel
This is the foundation of any WiFi audit. Before doing anything with a network, you need to know what's in range, on which channel, and with what signal strength.
Deauthentication Attack Detection
A deauth attack is one of the simplest and most common WiFi threats. The attacker sends forged deauthentication frames that force devices to disconnect from the network. Victims lose their connection, and the attacker can capture the handshake during the reconnection process.
A WiFi board with the right firmware can listen for these frames in real-time. You can see the attack as it happens: who is sending it (source MAC), who is the target (destination MAC), and on which channel.
This is invaluable at a SOC desk, during a physical security audit, or simply to check if someone is trying to jam the WiFi in your vicinity.
Packet Analysis and PCAP
Advanced boards allow you to capture raw WiFi packets and save them in a PCAP format directly to the Flipper's SD card. You can then open this file in Wireshark and analyze the traffic offline.
Network Security Testing
Combined with Marauder or Ghost_ESP firmware, the WiFi board becomes a tool for testing network resilience against common attacks:
- Beacon spam (fake WiFi networks)
- Probe request flood
- PMKID capture
- Evil portal (captive portal phishing for training purposes)
- DHCP starvation
- Drone detection and spoofing (Ghost_ESP)
Important: Apply all these techniques exclusively on networks that belong to you or where you have written permission to test. Testing the security of other people's networks without authorization is illegal.
Firmware - Marauder vs Ghost_ESP
You can run two main types of firmware on an ESP32 connected to a Flipper:
ESP32 Marauder
ESP32 Marauder is an open-source firmware created by justcallmekoko, designed for WiFi and Bluetooth auditing. It features a dedicated companion app for Flipper (by 0xchocolate) that grants access to all functions via a text menu.
| Feature | Command | What it does |
|---|---|---|
| AP Scan | scanap |
Detects WiFi networks in range (SSID, BSSID, channel, RSSI) |
| Client Scan | scansta |
Detects devices connected to networks |
| Sniff deauth | sniffdeauth |
Listens for deauthentication frames |
| Beacon spam | attack -t beacon |
Generates fake WiFi networks |
| PMKID | sniffpmkid |
Captures PMKID for offline cracking |
| PCAP saving | sniffraw |
Saves raw packets to the SD card |
Ghost_ESP
Ghost_ESP is an alternative firmware that expands the ESP32's capabilities with additional features:
- WiFi: deauth, evil portal, beacon spam, AP/station scanning, DHCP starvation, WPA3/SAE testing
- BLE: scanning, spam, wardriving, AirTag scan and spoof, Flipper finder
- Drone detection and spoofing
- RSSI tracking for selected APs and stations
Both firmware options can be flashed onto the Feberis Pro directly from the Flipper Zero using the ESP Flasher app.
Feberis Pro vs WiFi Dev Board - comparison
There are two main options on the market:
Official WiFi Dev Board
Flipper Devices (and us) sell the WiFi Devboard based on the ESP32-S2-WROVER. However, be aware - this device was designed primarily for wireless firmware updates and debugging the Flipper (via Black Magic Probe), not for WiFi pentesting. Yes, you can flash Marauder onto it, but that's not what it was made for.
Feberis Pro
Feberis Pro is in a completely different league. It's a 4-in-1 expansion board designed from the ground up for security testing:
| Feature | WiFi Dev Board (official) | Feberis Pro |
|---|---|---|
| Primary purpose | Firmware update + debugging | Security testing |
| WiFi Chip | ESP32-S2-WROVER | ESP32-WROOM-32UE-N4 |
| WiFi | ✅ 2.4 GHz | ✅ 2.4 GHz |
| SubGHz | ❌ | 2× CC1101 (433 + 868 MHz) |
| NRF24 | ❌ | ✅ 2.4 GHz (MouseJack) |
| GPS | ❌ | ✅ (wardriving, geolocation) |
| Antennas | Built-in PCB | 4× external (dedicated per module) |
| Firmware | Black Magic Probe / Marauder | Pre-installed Marauder + Ghost_ESP |
| Form factor | Separate board on GPIO (sticks out of the case) | Compact "hat" on GPIO - almost flush with the Flipper |
The key difference: The official Dev Board is a developer tool that can be repurposed as a WiFi tool. Feberis Pro is a complete security testing platform with four radio modules, dedicated antennas, pre-installed Marauder, and support for Ghost_ESP - ready to work the moment it's plugged in.
If you're looking for something you can plug in and immediately start scanning with, check out the Feberis Pro.
How to get started?
- Buy an ESP32 WiFi board - you need a board with Marauder firmware. The Feberis Pro comes with Marauder pre-installed and is ready to plug in.
- Connect to Flipper - plug it directly into the GPIO pins on top of the device.
- Install the app - the official Marauder companion app (for full command control).
- Run it - and start scanning.
Related products
- Flipper Zero - the main device
- Feberis Pro - 4-in-1 expansion board with WiFi, SubGHz, NRF24, and GPS
- Deauth Detector - standalone deauth detector
- Deauther WiFi D1 Mini - compact deauther with Spacehuhn firmware