troy7548 Posted December 2, 2009

Say I visit a place that has security-enabled internet (WEP, WPA or whatever), and I don't have the security code to connect to the Internet. If I power up the Fon and the target enters and connects and they have the security code already saved as one of their wifi connections, would they still connect to the fon (and they just wouldn't have internet) or would it then bypass the fon and they would connect to the wifi hotspot?

*note* I know it wouldn't be much of a point if they don't connect to the internet because there would be no fun packet sniffing but I was just curious as I just ordered my fon.

Thanks

nmaas87 Posted December 2, 2009

mh... you mean something like not only extracting the ssid the client wants to connect to, and spoofing that on the fon, but also extracting the key they use for their own ap for using it then to attack their "home ap"? dunno whether that's possible or not.

sirgregg Posted December 3, 2009

I think Troy actually asked two questions, both different from what you answered...

1) will the fon (using jasager I assume) work with encrypted networks that you don't have proper keys to?
2) will the fon work while the target's preferred network is actually there? As in which AP will intercept the pc's beacons faster?

Unfortunately I don't have one so I can't answer any of those :(

nmaas87 Posted December 3, 2009

1) don't know
2) depends on several things. for most
a) if jasager reacts fast enough, that can go wrong on first trial of connection.
b) signal strength jasager vs. real ap.
c) if everything rips, send a deauth to the client and try to catch him by having a better signal strength.

xeno

Ingo Posted December 3, 2009

The whole point of Jasager is to share your network connection to others (without them knowing it ofc).

So, to answer the 1st: NO, no, you can not "share" a network you are not connected to, so if you don't know the network's pre-shared pass to connect to it you can't use Jasager with that network. You can always just go to the Internet from your phone or just use another node which either has no passwords or one you know the password for.

For the 2nd, well like xenmorph said, it comes down to your signal strength vs. the 'real' access point's signal strength, and de-authentication is the name of the game in this case.

Additional note: You can always use Aircrack tools to obtain the encrypted network's key, then deploy Jasager attack and de-auth target (or everyone) from the said network and start your MiTM attack.

Hope this helped.

digininja Posted December 7, 2009

> I think Troy actually asked two questions, both different from what you answered...
> 1) will the fon (using jasager I assume) work with encrypted networks that you don't have proper keys to?
> 2) will the fon work while the target's preferred network is actually there? As in which AP will intercept the pc's beacons faster?
> Unfortunately I don't have one so I can't answer any of those :(

1. If the client probes then Karma will reply. Depending on your wireless drivers/supplicant you may or may not attach. Some try to negotiate the encryption and find it isn't present so drop back to no encryption, others just disconnect then try to connect and start again. If you see a client constantly bouncing on and off the connection then this is probably what is happening.

There is an attack called Caffe Latte from Airtight that will allow you to recover WEP keys from a client but that isn't implemented in Jasager.

http://www.airtightnetworks.com/home/resou...affe-latte.html

2. It all depends on signal strength, most clients will silently migrate to the strongest signal available so as long as you are stronger you will win the clients.

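Added example (not part of any post in this thread, and not Jasager or Karma code): a defender-side check for the two behaviours described above, one responder answering probes for many different network names, and that responder being stronger than the real AP on a shared name. The record layout, the `max_ssids` threshold and every MAC, SSID and signal value are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed probe-response observations (not captured traffic):
# (responder BSSID, SSID named in the response, signal strength in dBm)
SAMPLE_RESPONSES = [
    ("02:00:00:aa:aa:01", "CoffeeShop", -62),
    ("02:00:00:bb:bb:02", "CoffeeShop", -48),
    ("02:00:00:bb:bb:02", "HomeNet-4F", -47),
    ("02:00:00:bb:bb:02", "Airport_Free", -49),
    ("02:00:00:bb:bb:02", "OfficeWLAN", -48),
    ("02:00:00:aa:aa:01", "CoffeeShop", -60),
]

def find_promiscuous_responders(responses, max_ssids=2):
    """Map each BSSID that answered for more than max_ssids names to those names."""
    names = defaultdict(set)
    for bssid, ssid, _rssi in responses:
        if ssid:  # ignore empty (wildcard) SSIDs
            names[bssid].add(ssid)
    # Assumption: a normal AP uses a separate BSSID per advertised network,
    # so one BSSID answering for many unrelated names is worth an alert.
    return {b: sorted(s) for b, s in names.items() if len(s) > max_ssids}

def find_outshouted_ssids(responses, suspects):
    """List (ssid, suspect, other) where a suspect is stronger than another AP on that SSID."""
    best = {}  # (ssid, bssid) -> strongest RSSI seen for that pair
    for bssid, ssid, rssi in responses:
        key = (ssid, bssid)
        best[key] = max(rssi, best.get(key, rssi))
    hits = []
    for (ssid, bssid), rssi in best.items():
        if bssid not in suspects:
            continue
        for (other_ssid, other), other_rssi in best.items():
            if other_ssid == ssid and other not in suspects and rssi > other_rssi:
                hits.append((ssid, bssid, other))
    return sorted(hits)

if __name__ == "__main__":
    suspects = find_promiscuous_responders(SAMPLE_RESPONSES)
    print("Responders answering for many SSIDs:", suspects)
    print("SSIDs where they beat another AP:", find_outshouted_ssids(SAMPLE_RESPONSES, suspects))
```
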