Jasager Plugins? Tools for pwning?

[El Di Pablo]

Hey guys, I ran into Darren at Toorcon and mentioned to him that I was going to do my final paper on the Jasager project in my Network Security class.

My professor likes the idea, but wants me to add more stuff to the report (e.g. other tools) I can use once the victims connect to my pineapple.

I thought about adding a section on Metasploit/db_autopwn, but since we already touched on that in class I don't want to use that.

Any ideas would be helpful.

Thanks,

-EDP

[digininja]

If you want to contribute, look at the todo list. If you have any specific areas you are interested in mail me (details on site) and I'm happy to discuss them. As I've said a few times, I have loads of ideas for extensions and upgrades but not got much time to fit them in.

[El Di Pablo]

If you want to contribute, look at the todo list. If you have any specific areas you are interested in mail me (details on site) and I'm happy to discuss them. As I've said a few times, I have loads of ideas for extensions and upgrades but not got much time to fit them in.

Hi digininja, it doesn't necessarily have to be a plugin for Jasager/ It could just be a tool running on your laptop. I'll take a look at your todo list though. Thanks!

[digininja]

Well I maintain karma which is the laptop base for Jasager, if you need any help with that let me know too.

[El Di Pablo]

Update: I decided to write my paper on using Jasager in conjunction with Sidejacking using Ferret and Hamster. I will let you all know how I do grade wise.

If you are not familiar with Sidejacking, here is a cool Youtube video I found:

[RchGrav]

Update: I decided to write my paper on using Jasager in conjunction with Sidejacking using Ferret and Hamster. I will let you all know how I do grade wise.

If you are not familiar with Sidejacking, here is a cool Youtube video I found:

Thats Pretty Sick. Looks like a pretty neat trick. Now you just need to figure a way to provide actual internet access with one and be able to be on the same network with your laptop. Too bad you can't just TAP another WIFI signal and provide AP services over Karma at the same time. Maybe use your lappie to reshare another WIFI signal with ICS? Hmm...

[El Di Pablo]

Thats Pretty Sick. Looks like a pretty neat trick. Now you just need to figure a way to provide actual internet access with one and be able to be on the same network with your laptop. Too bad you can't just TAP another WIFI signal and provide AP services over Karma at the same time. Maybe use your lappie to reshare another WIFI signal with ICS? Hmm...

Yeah, that is basically the scenario I proposed in my paper. I would have a laptop with a Mobile wireless card, and I would bridge the internet connection between that and my connection with the Fon.

Now with all the packets flowing through me, I can capture browser session traffic with Ferret from all of the unsuspecting hot spot suckas...errr... users then funnel those packets through Hamster and start "Sidejacking" their browsing sessions. Pure pwnage!

I give my presentation tomorrow. I'll let you all know how I do.

[El Di Pablo]

Alright, report/presentation is complete. Got an A by the way. Teacher liked the idea of using Jasager over the classic MiTM because you could potentially pwn multiple users at once rather than the classic arp poisoning/MiTM with Cain or similar program where you can really only target one at a time.

There will be some new visitors to the forum looking to hack their Fons now as everyone in the class wants to try this.

Thanks for everyone's help!

[Darren Kitchen]

Bauer,

Awesome stuff dude and congrats on the A. Wish I had seen this thread before doing the sidejacking pineapple segment on 412 else I'd have given a shoutout. I'll have to bring it up on the next ep.

[OiNK]

Epic.

This really quick frankly terrifying... although i must try this out next time im bored @ wifi spot hehe thanks for bringing this to my attention :D!

....and so it begins....all your base are beloing to us lol