
rpcodes (Active Members, 8 posts)

Posts posted by rpcodes

  1. Mr-Protocol, thanks for the input. I think your steps are the same as mine, just written in simpler language. And you also add the deauth step; yes, I agree.

    I was looking for a no-hands solution, so your step 3: can that be automated somehow, do you know? Similar to how Karma broadcasts beacons, I'd ultimately like to broadcast WPA APs the same way.

    I also found this on the forums, which is basically step 1:

    https://forums.hak5.org/index.php?/topic/38180-howto-capture-wpa-handshake-wifi-pineapple-nano/

    So for the WPA experts: what do we use to actually generate the AP-side handshake? I.e., what are our cracking tools?

  2. I ran a similar set of tests about a month ago, maybe more by now: Win7, Android, and Ubuntu Linux clients. On the Tetra, but same software (Karma, etc.). I think that to accept a client that is looking for a WPA access point, the Pineapple would need some way to respond with the correct handshake (using tools like airng and the like, maybe?).

    In other words, it's not enough to reply "Yes, I am the WPA AP you want", like it does with open networks and Karma.

    IIRC WPA is like:
    Client sends some handshake info
    AP replies with its handshake info
    Everything matches, then client connects; otherwise, no dice.

    I'm thinking, is it possible to set up the Pineapple something like this:
    1. Listen for and collect the client's handshake / request to connect
    2. Send to a server to crack / brute force / etc. the password; again, I think air-ng or something may have this capability?
    3. Once cracked, send handshake reply to the Pineapple
    4. Broadcast the handshake reply, so now the client thinks the Pineapple is its desired WPA2 AP

    I have not investigated the sort of computational power it would take for a "simple" WPA2 password crack; this is just an idealized flow. Any WPA2 experts: am I on the right track at least?

    I second your notion of trimming your pool size. I wonder, does the Pineapple interface allow us to filter out WPA-protected ARPs somehow? I will have to look again for this, curious...

  3. SSIDs seem to be kept in /etc/pineapple/pineapple.db, a SQLite database. This is what I see:

    sqlite> select * from ssid_list;
    id,ssid
    1,"XANADU-ZONE
    "
    2,"
    "

    So I can clear by doing

    delete from ssid_list;

    then replacing the modified database file. That works fine if I want to start over.

    I did more digging, and I'm not sure how it got into the state above anyway, where a newline seems to be appended. The issue started with the web console. But here is the table just using the web console again:

    sqlite> select * from ssid_list;
    id,ssid
    1,Coconuts
    2,"Added From Web Client"
    3,HOME-A9E8-5

    I will try and post more info when it happens again, esp. if I figure out how to recreate it.
  4. 1.0.2 Tetra firmware. Reboot, etc.; problem persists. The closest I could find seems to be fixed: https://forums.hak5.org/index.php?/topic/37619-problems-using-filtering/

    Applies to web console and command line. Command line dump:

    root@Pineapple:/# pineapple karma list_ssids
    XANADU-ZONE
    root@Pineapple:/# pineapple karma del_ssid XANADU-ZONE
    Sucessfully removed SSID XANADU-ZONE
    root@Pineapple:/# pineapple karma list_ssids
    XANADU-ZONE

    I think the problem has to do with spaces, not sure how exactly. Check this out:

    root@Pineapple:/# pineapple karma add_ssid TEST-SSID Number 1
    Sucessfully added SSID TEST-SSID
    root@Pineapple:/# pineapple karma list_ssids
    XANADU-ZONE
    TEST-SSID
    root@Pineapple:/# pineapple karma del_ssid TEST-SSID Number 1
    Sucessfully removed SSID TEST-SSID
    root@Pineapple:/# pineapple karma list_ssids
    XANADU-ZONE

    If I didn't know the "full" name of the SSID, I couldn't remove it. For now, where are these entries stored on the WiFi Pineapple so I can manually remove (all of) them? A button/command in Karma to clear all filters would be great also!

    Also note there is a blank entry that cannot be removed either. Anyone know a quick way to clear this Karma white/black list without a firmware reset?
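The two posts above (the ssid_list dump with a trailing newline inside the quoted value, and the del_ssid command that reports success while the entry stays listed) describe the same failure mode: an exact-match delete cannot hit a row whose stored value carries stray whitespace. The script below is an added example, not code from rpcodes or from the Hak5 Pineapple firmware. It assumes the table has the two columns shown in the dump (id, ssid); the rows it loads are constructed to mirror the dump, and it works on an in-memory copy so nothing on a device is touched until you point it at a backup of the real file.

```python
import sqlite3

# Assumed schema, inferred from the "id,ssid" header in the posted dump.
SCHEMA = "CREATE TABLE ssid_list (id INTEGER PRIMARY KEY, ssid TEXT)"

# Constructed sample rows: the first two mimic the dump (value plus a
# trailing newline, and a newline-only "blank" entry); the third is clean.
SAMPLE_ROWS = ["XANADU-ZONE\n", "\n", "Coconuts"]


def build_sample_db():
    """Return an in-memory SQLite connection seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO ssid_list (ssid) VALUES (?)",
                     [(s,) for s in SAMPLE_ROWS])
    conn.commit()
    return conn


def delete_exact(conn, ssid):
    """Exact-match delete, the way a del_ssid-style command would do it.
    Returns the number of rows actually removed (0 means 'looked fine but
    nothing happened', which is the symptom described in the posts)."""
    cur = conn.execute("DELETE FROM ssid_list WHERE ssid = ?", (ssid,))
    conn.commit()
    return cur.rowcount


def find_dirty(conn):
    """List (id, ssid) for rows that have leading/trailing whitespace or
    are empty once trimmed. repr() in the caller makes the newline visible."""
    rows = conn.execute("SELECT id, ssid FROM ssid_list").fetchall()
    return [(i, s) for i, s in rows if s != s.strip() or not s.strip()]


def normalize(conn):
    """Trim surrounding whitespace in place and drop rows that are empty
    after trimming. Returns (rows_trimmed, rows_dropped)."""
    trimmed = dropped = 0
    for i, s in conn.execute("SELECT id, ssid FROM ssid_list").fetchall():
        clean = s.strip()
        if not clean:
            conn.execute("DELETE FROM ssid_list WHERE id = ?", (i,))
            dropped += 1
        elif clean != s:
            conn.execute("UPDATE ssid_list SET ssid = ? WHERE id = ?", (clean, i))
            trimmed += 1
    conn.commit()
    return trimmed, dropped


def list_ssids(conn):
    """Return the SSID column in id order, like `karma list_ssids` would."""
    return [s for (s,) in conn.execute("SELECT ssid FROM ssid_list ORDER BY id")]


def demo():
    """Walk through the failure and the fix; returns the intermediate results."""
    conn = build_sample_db()
    before = delete_exact(conn, "XANADU-ZONE")   # 0: stored value ends in "\n"
    dirty = find_dirty(conn)                      # ids 1 and 2 flagged
    trimmed, dropped = normalize(conn)            # (1, 1)
    after = delete_exact(conn, "XANADU-ZONE")    # 1: now an exact match
    return before, dirty, trimmed, dropped, after, list_ssids(conn)


if __name__ == "__main__":
    before, dirty, trimmed, dropped, after, remaining = demo()
    print("delete before cleanup removed", before, "row(s)")
    print("dirty rows:", [(i, repr(s)) for i, s in dirty])
    print("normalize trimmed", trimmed, "and dropped", dropped)
    print("delete after cleanup removed", after, "row(s)")
    print("remaining:", remaining)
```

To run it against a device, copy pineapple.db off the unit first and replace `sqlite3.connect(":memory:")` plus the seeding with `sqlite3.connect("/path/to/copy/pineapple.db")`, inspect `find_dirty()` output, and only then call `normalize()` and copy the file back. Only leading and trailing whitespace is trimmed, so SSIDs that legitimately contain interior spaces ("TEST-SSID Number 1" style) are left as they are.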