Why the need for the Fon?

[PLuNK]

Hello,

I'm just wondering why people would use extra hardware for there ARP poison needs (Not exactly sure what Jasager does, Don't plan to use it either..) If the concept behind Atheros based chipsets is to provide the ability for multiple connections/interfaces then couldn't you just use other methods like ARPING? along with a netbook based on a Atheros network chip?

Personally I'd find it a LOT easier to just use my current laptop along with another external (Express slot/Cardbus) wireless card and ARPING for ARP poisoning techniques and forward all MITM traffic back to the network gateway intended to be used.

Please share your opinions on Jasager,Fon and this idea.

Thanks.

[DoDg3]

I concure, It is so much easy to run a standard arp poisoning attack.

If the network is open just jump on and your away.

I suppose the difference would be if there was multiple open AP, you wouldnt be able to connect to them all unless you had multi wifi adapters.

[post_break]

Jasager is more of like a laid back approach to hacking. What I like about it is the size. If you get a self contained device you could set it up and hide it like I want to do. Or you could use airbase with a netbook like you mention.

This type of exploitation is unique because you are doing a sort of social engineering on wireless clients instead of WPA or wep cracking.

Call me crazy but I would prefer to set up my fake access point for an hour while reading a book and grab the goods then target users one at a time. With this type of exploit you can target just about all of the laptops in the area without doing a single thing other than booting the fon up or running a script.

Taking a fon out with you to do essentially the same thing as ARP poisoning is one of those "You're doing it wrong" situations I will agree.

[digininja]

If you are not sure what it does, have a read and watch the show, it has been explained in a number of ways, the best one was the cartoon that Darren did around the Toorcon episode.

The original idea behind it was that because the Fon is a small and cheap piece of hardware it can be put in position during a pen-test and left in place. If it gets nicked then it isn't too much of a loss based on the cost of the pen-test as a whole.

I'm actually surprised at the number of people who say they are planning to use it along side a laptop, I agree with you, if I were in a position where I could use the laptop I'd be running something like airbase or karma.

[PLuNK]

If you are not sure what it does, have a read and watch the show, it has been explained in a number of ways, the best one was the cartoon that Darren did around the Toorcon episode.

The original idea behind it was that because the Fon is a small and cheap piece of hardware it can be put in position during a pen-test and left in place. If it gets nicked then it isn't too much of a loss based on the cost of the pen-test as a whole.

I'm actually surprised at the number of people who say they are planning to use it along side a laptop, I agree with you, if I were in a position where I could use the laptop I'd be running something like airbase or karma.

Exactly what I mean,

I understand the concept behind it, Just not the reason.

[digininja]

An example I got from a friend who regularly does pen-tests where they are allowed to go on site and have physical access.

They take a wrt54g in with them, plug it into the network and use it as a jump point to get on to the network from the outside. Occasionally the device will disappear and they would be down a few dollars down but that is ok.

Jasager can be used in a similar way, wander into a clients office, plug it in somewhere with some kind of network access, see other threads for way on doing that, then wander off and leave it as a MITM. At the moment apart from my port scanner there aren't any tools to take advantage of being in the middle but I see people writing ones, the obvious one being a packet sniffer to grab passwords. The project is in its infancy, I think once we get some modules sorted, a solid way to get internet connection (there has been talk about disposable mobile phone and gprs) and a decent battery pack (again, see other threads) I think this could become a very useful tool in a pen-testers arsenal.

This is the way I see it being used by professionals, for people at home, it is just a fun tool to play with hardware hacking, embedded devices and all the other stuff to go along with it.

And finally for me, it is just fun writing something like this!

[remezcle]

Its not needed its just an extra feature.... you dont need wireless amplipher.. but maybe its nice. Fon is just nice but not a deal breaker.