Everything posted by digininja

  1. Action -> intercept response. That would give you a single shot edit of the response.
  2. Not sure where this is going, but just a warning, if you start posting links to recruitment sites or job adverts, they will be removed and you will potentially be banned for spamming. If you really want help from the community, post a question or something that someone can respond to.
  3. I gathered that from the original question. What do you mean by track it? What kit do you have available, over what area, give us some more information to work on. If you are planning to try to track a single phone anywhere in the world from your home, forget it, if you have an array of wireless devices that you can deploy around a target area then there are options.
  4. What is it you are attempting to achieve? What do you mean by track?
  5. OK, obviously you know your stuff so don't really need any help, good luck with it all.
  6. If the client expects the network to be encrypted and it isn't, it will try to connect, find out that WPA isn't offered, and then disconnect. You could set up a WPA version of the network, collect message two of the 4-way handshake, take that away and try to crack it, but it wouldn't be instant, and the server would not be able to authenticate itself to the client in message 4 of the handshake so the client would disconnect. For a standard Karma attack, which is to lure clients to connect to your open wifi network, the client expecting WPA or WEP will prevent the attack.
  7. If you understood the basics then you would understand that none of the WPA or WEP family would be affected by Karma.
  8. Airodump-ng, part of the Aircrack-ng suite of tools, sniffs traffic and will log what you want. If a client is using randomised MAC addresses when probing, then you won't be able to work out which are from a specific client, if they aren't then you just look for all the probes from your chosen MAC. I'll tell Vivek about the videos being down. Despite them being old, they still give a very good base for WiFi as the low level concepts don't change.
  9. I strongly recommend you go through this Wifi Primer from Security Tube, it will help you understand a lot more about how wifi works and its vulnerabilities. http://www.securitytube.net/groups?operation=view&groupId=9
  10. You really need to work on your terminology, probes don't come from an AP, they come from a client. You can get lists of probe requests from Aircrack-ng.
  11. You are mixing terms up here, you said you wanted a list from an AP. That is the access point and it will often have a small set of ESSIDs that it will accept. You are now mentioning a list from a client, that can have many more ESSIDs in its PNL. If you want those, you have to listen for probe requests. What is it you are ultimately trying to achieve?
  12. From a specific AP, just sniff traffic around it and watch for matching or very similar BSSIDs. If it is broadcasting beacons then you'll get them straight away, if it isn't you'll just have to watch traffic.
  13. If you understand how the client app works and look at my patches you will see that I added a way to dynamically add ESSIDs to the list that hostapd supports, using that, you can take your list and add as many as you like once the AP is up and running. And for investigate, use the tool, understand how it interacts and how it can make changes on the fly. Read about Karma, Dino posted stuff when he invented it, I published quite a bit when I took over, Hak5 have done plenty of videos on it, Security Tube has a full module on WiFi attacks which includes Karma style attacks.
  14. Have you used the hostapd client? Have you used the patched version I wrote? Have you investigated either of them?
  15. Do some research on how hostapd and its client work. Get it installed and play with it just on its own with any attacks. After that you'll understand more.
  16. You can dynamically add and remove ESSIDs with the client app.
  17. Still didn't get the answer.... my pc is acting as ap through my wifi adapter and my wifi adapter is having clients connect to it through the processing of my pc to the requests.... so ... ? If your PC, with attached wifi adaptor, is acting as the AP, then it is down to what your PC, with attached wifi adaptor, can handle. If you have a cheap little AP that has very limited throughput, then you won't be able to do much before it is flooded, if you have a top of the range adaptor, then it will handle more. If you have a really old 486 PC, it will handle less than a top end i9. For putting up fake APs, you can probably do it with other tools now, but the way I would do it is with custom modified hostapd, this will respond to any ESSID requested. https://digi.ninja/karma/ I've not maintained that for many years though, so you'd have to find a patch for the current hostapd. I assume that the current Pineapples are still running it, again, I've not looked since I stopped working on them after version 2.
  18. Whatever is acting as the AP as it is that that is sending out the ESSIDs and having clients connect to it. What exactly is it you want to do?
  19. A single BSSID can support multiple ESSIDs so you can put up as many ESSIDs as you want on an AP. The maximum would be dependent on your hardware's ability to handle the throughput and the network traffic. A rubbish little home router may be maxed out with 10 connections, an expensive commercial AP may be able to handle 100.
  20. The software creates the wireless packets that are sent out and so it can put whatever value it wants in the BSSID (MAC) address field. If it wanted to increment the value for every packet it could do it. Your router is only limited because its software is limited, no other reason.
  21. Burn it all down, go live on a desert island as far from technology as you can, you are obviously cursed by the tech gods.
  22. Looking at that, they don't have a second parameter on the upload command, just the file that they want to upload. Did you try that?