
This article is part of a series: you can find the first article here. If you missed the previous one, it is here.

Checking the capabilities of our WiFi-interface

On any system you can run the following command to get the capabilities of the wireless interfaces attached to that device:

iw list

In the output of our Pi Zero W, we can see that it supports AP mode, which means we can make the HackOTG create a hotspot on boot for controlling the device from a distance, or without making use of the Ethernet-to-USB interface that the HackOTG emulates.

In the same output you can also see that we can combine modes, but with a couple of restrictions:

#{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
 total <= 4, #channels <= 1

This means that we can set the interface in both AP and client mode. As a result you can have connectivity from an existing WiFi-hotspot and also create our own. Both hotspots must exist on the same channel, but that is no problem.

This is quite advanced but cool to keep in mind. In our case we want to set up an AP that starts on boot, so we can make our first connection. If you want to use both the AP and be a client to another one, you'll have to know and configure the environment beforehand. This is not practical, so you'll have to configure it over the emulated Ethernet-to-USB connection to make it work in every situation. You can find more on setting up combined modes here.
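Before installing anything it is worth confirming, from the `iw list` output, that the adapter actually lists AP mode and what the combination limits are. The script below is an added example and not part of the original article; SAMPLE_IW_LIST is a constructed excerpt in the layout `iw list` uses, built around the two lines quoted above, and the function names supports_mode, max_channels and check_ap_capability are my own.

```shell
#!/bin/sh
# Added example, not from the original article: confirm from `iw list` output
# that the adapter can run in AP mode and read the combination limits the
# article quotes. SAMPLE_IW_LIST is a constructed excerpt in the layout iw
# uses; on the device, call check_ap_capability "$(iw list)" instead.

SAMPLE_IW_LIST='Wiphy phy0
        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * P2P-client
                 * P2P-GO
                 * P2P-device
        valid interface combinations:
                 * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
                   total <= 4, #channels <= 1
        Band 1:
                Frequencies:
                        * 2412 MHz [1] (20.0 dBm)'

# supports_mode MODE: reads iw output on stdin, exit 0 if MODE appears in the
# "Supported interface modes" section. Any later line ending in ":" starts a
# new section and ends the search.
supports_mode() {
    awk -v want="$1" '
        /Supported interface modes:/        { in_modes = 1; next }
        /:$/                                { in_modes = 0 }
        in_modes && $1 == "*" && $2 == want { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# max_channels: reads iw output on stdin, prints N from the first
# "#channels <= N" limit (1 on the Pi Zero W: AP and client share a channel).
max_channels() {
    sed -n 's/.*#channels <= \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# check_ap_capability IW_OUTPUT: human-readable summary; exit 1 if no AP mode.
check_ap_capability() {
    if printf '%s\n' "$1" | supports_mode AP; then
        echo "AP mode: supported"
    else
        echo "AP mode: not supported, hostapd will not work on this adapter"
        return 1
    fi
    n=$(printf '%s\n' "$1" | max_channels)
    echo "simultaneous channels: ${n:-unknown}"
}

check_ap_capability "$SAMPLE_IW_LIST"
```

On the Pi itself replace the last line with `check_ap_capability "$(iw list)"`; the same function works for any adapter, and a missing AP line is the quickest way to learn that a cheap USB dongle will not do for this setup.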

Creating the hotspot

Install the necessary packages:

sudo apt-get install hostapd dnsmasq

Now we must create a configuration file containing all the settings of the hotspot. I like to keep all configuration files in the home directory, so they are easily changed, copied and reused. We will be combining a lot of the programs in different setups, so it's easier if they are easy to find.

Create the file hostapd.conf: (Change ssid and wpa_passphrase if you want to)

ssid=HackOTG
wpa_passphrase=raspberry
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
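The two settings that decide how strong the hotspot is are wpa=2 (WPA2 only) and rsn_pairwise=CCMP (AES rather than TKIP); hostapd also refuses passphrases shorter than 8 or longer than 63 characters. The script below is an added example, not part of the article, that checks a hostapd.conf for exactly those points before you start hostapd. GOOD_CONF is a copy of the file above, WEAK_CONF is a constructed variant with the mistakes the checks are meant to catch, and conf_get and check_hostapd_conf are names I chose.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check a hostapd.conf
# before bringing the hotspot up. GOOD_CONF is the article's file; WEAK_CONF is
# a constructed variant with the mistakes the checks are meant to catch.

# conf_get FILE KEY: print the value of KEY (last occurrence wins, as in hostapd).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_hostapd_conf FILE: print one line per problem, exit 0 only when clean.
check_hostapd_conf() {
    rc=0
    # wpa=2 selects RSN (WPA2) only; wpa=1 or wpa=3 also accepts legacy WPA/TKIP.
    if [ "$(conf_get "$1" wpa)" != "2" ]; then
        echo "wpa=$(conf_get "$1" wpa): set wpa=2 so only WPA2 is offered"
        rc=1
    fi
    # The WPA2 cipher is rsn_pairwise; it must be CCMP (AES), never TKIP.
    case "$(conf_get "$1" rsn_pairwise)" in
        CCMP) ;;
        *) echo "rsn_pairwise=$(conf_get "$1" rsn_pairwise): must be CCMP"; rc=1 ;;
    esac
    if [ "$(conf_get "$1" wpa_key_mgmt)" != "WPA-PSK" ]; then
        echo "wpa_key_mgmt=$(conf_get "$1" wpa_key_mgmt): expected WPA-PSK"
        rc=1
    fi
    # hostapd rejects passphrases outside 8..63 characters at startup.
    pass=$(conf_get "$1" wpa_passphrase)
    if [ "${#pass}" -lt 8 ] || [ "${#pass}" -gt 63 ]; then
        echo "wpa_passphrase has ${#pass} characters: must be 8 to 63"
        rc=1
    fi
    return $rc
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
GOOD_CONF="$WORK/hostapd.conf"
WEAK_CONF="$WORK/hostapd-weak.conf"

cat > "$GOOD_CONF" <<'EOF'
ssid=HackOTG
wpa_passphrase=raspberry
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF

# Constructed weak variant: legacy WPA allowed, TKIP for WPA2, 2-char passphrase.
cat > "$WEAK_CONF" <<'EOF'
ssid=HackOTG
wpa_passphrase=pi
interface=wlan0
driver=nl80211
hw_mode=g
channel=6
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=TKIP
EOF

echo "== $GOOD_CONF"; check_hostapd_conf "$GOOD_CONF" && echo "ok"
echo "== $WEAK_CONF"; check_hostapd_conf "$WEAK_CONF" || echo "fix before starting hostapd"
```

Point check_hostapd_conf at /home/pi/hostapd.conf to check your own file. Note that wpa_pairwise=TKIP in the article's file is harmless with wpa=2, because that key only applies to legacy WPA, which wpa=2 does not offer.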

Start the hotspot:

sudo killall wpa_supplicant dhcpcd hostapd dnsmasq #kill all unnecessary processes
sudo mount --bind /dev/urandom /dev/random #BUGFIX, to ensure good security
sudo hostapd hostapd.conf

Run a DHCP-server on the hotspot-interface

An easy and lightweight option for a DHCP-server is dnsmasq. We already installed the package, so we go on and create the config file.

dnsmasq.conf:

# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers
no-resolv
# Interface to bind to
interface=wlan0
# Specify starting_range,end_range,lease_time
dhcp-range=10.0.0.3,10.0.0.20,12h
# dns addresses to send to the clients
server=8.8.8.8
server=8.8.4.4

Start the DHCP-server and configure the interface:

sudo dnsmasq -C dnsmasq.conf
sudo ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0
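Once clients join, dnsmasq records every lease it hands out in its lease file (on Debian the default is /var/lib/misc/dnsmasq.leases, one line per lease: expiry as a Unix timestamp, MAC, IP, hostname or "*", client-id). Knowing who is on your hotspot is the first thing you want when something unexpected shows up, so here is an added example, not part of the article, that lists the active leases. SAMPLE_LEASES is constructed, and active_leases and count_active_leases are names I chose.

```shell
#!/bin/sh
# Added example, not from the original article: list which clients currently
# hold a lease from the hotspot's dnsmasq. The lease line layout (expiry epoch,
# MAC, IP, hostname or "*", client-id) is dnsmasq's; SAMPLE_LEASES is
# constructed. On the device use:
#   active_leases "$(date +%s)" < /var/lib/misc/dnsmasq.leases

SAMPLE_LEASES='1700003600 b8:27:eb:aa:bb:cc 10.0.0.3 laptop 01:b8:27:eb:aa:bb:cc
1700007200 de:ad:be:ef:00:01 10.0.0.4 * 01:de:ad:be:ef:00:01
1699990000 00:11:22:33:44:55 10.0.0.5 phone *'

# active_leases NOW: reads a dnsmasq lease file on stdin and prints
# "ip mac hostname" for every lease that has not expired at epoch NOW.
# Clients that sent no hostname show as "(no hostname)".
active_leases() {
    awk -v now="$1" '
        $1 > now {
            host = ($4 == "*") ? "(no hostname)" : $4
            printf "%-15s %-17s %s\n", $3, $2, host
        }'
}

# count_active_leases NOW: number of unexpired leases (same input).
count_active_leases() {
    awk -v now="$1" '$1 > now { n++ } END { print n + 0 }'
}

printf '%s\n' "$SAMPLE_LEASES" | active_leases 1700000000
```

With the sample data and NOW=1700000000 the first two leases are still valid and the third has expired, so two lines are printed. A client that shows up without a hostname is not suspicious by itself, but the MAC column tells you which device it is.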

Putting it all together

We can make scripts to start or stop the hotspot on-demand. Just create these scripts and run them to put the HackOTG in and out hotspot-mode.

hotspot_start.sh:

#!/bin/sh
# the urandom bind mount from above, applied only once per boot
if [ $( mount | grep urandom | wc -l ) -eq 0 ]; then
 sudo mount --bind /dev/urandom /dev/random
fi
# free wlan0 from any client-mode or old hotspot processes first
sh /home/pi/hotspot_stop.sh
sudo hostapd /home/pi/hostapd.conf &
sudo dnsmasq -C /home/pi/dnsmasq.conf &
# give hostapd a moment to bring the interface up before assigning the address
sleep 2
sudo ifconfig wlan0 up 10.0.0.1 netmask 255.255.255.0

hotspot_stop.sh:

#!/bin/sh
# stop the hotspot and the client-mode daemons, then drop the address from wlan0
sudo killall dnsmasq hostapd dhcpcd wpa_supplicant
sudo ifconfig wlan0 0.0.0.0

(optional) You should add the hotspot_stop.sh script to the connect_wifi_ssid.sh script from the previous article. Otherwise you will not be able to connect to the internet anymore, because the running AP will be occupying wlan0. Add the hotspot_stop.sh command to the script like this:

sh /home/pi/hotspot_stop.sh
sudo wpa_supplicant -B -i wlan0 -D wext -c ssid.conf
sudo dhcpcd --nohook wpa_supplicant wlan0

Start the hotspot on boot

On all Debian-based distros there is a file /etc/rc.local, and every command put in it runs once the device is fully booted. Simply add a line with the hotspot_start.sh command to it (don't forget the & at the end to make it a background process). The command should go before the line containing "exit 0".

/etc/rc.local:

# By default this script does nothing.

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
 printf "My IP address is %s\n" "$_IP"
fi

# put your scripts to boot here
sh /home/pi/hotspot_start.sh&

exit 0

Now you can restart the device and, if everything is OK, it will create the WiFi-hotspot named "HackOTG" with the password "raspberry". If you have waited for a minute and still can't pick up the signal, you can still log in to your device over the emulated Ethernet-to-USB device. Now you have 2 ways to connect to your HackOTG!

In the next article we will further explore the possibilities to see and control traffic on a network.

HackOTG (v1.4): See all traffic on a network with Promiscuous mode and Bettercap