Mk4 Feature Request, Maybe


From my understanding, Karma only works if the network the user's NIC is looking for isn't there. If I'm at home connecting to my home network that is already saved and set up, then I would not connect to the rogue Pineapple AP (I think this is right).

I've seen talk about having to run deauth attacks to force a disconnect, in an attempt to have the NIC send probe requests so that Karma can intercept them.

If this is correct, couldn't the deauth process be incorporated into Karma?


Hey Andrei,

Yeah... using a separate NIC for deauth, that's correct. I see what you're saying though; you couldn't incorporate a feature that requires another piece of hardware.

Is my understanding of how Karma works correct? It will only intercept if you're attempting to connect to an AP that is not present?


bobtheman: Not exactly. If you are closer to the "possible" client, Karma will respond to the probe request before the "legitimate" AP. Therefore, he will join your network instead of the "legitimate" one. This might be thwarted, however, if the "legitimate" AP broadcasts a stronger signal. Then it is pretty much luck of the draw. :)


bobtheman: Not exactly. If you are closer to the "possible" client, Karma will respond to the probe request before the "legitimate" AP. Therefore, he will join your network instead of the "legitimate" one. This might be thwarted, however, if the "legitimate" AP broadcasts a stronger signal. Then it is pretty much luck of the draw. :)

Just like in real estate, Pineapple'ing is all about location, location, location. And big antennas. :)

telot


I'm also assuming that if you start using the fake AP after the clients have already connected to the legitimate AP, then no exchange would occur, as they are already associated with the real AP.

I'm totally confused by your question, bobtheman. Sorry - are you asking if deauthing will get the targets to your Pineapple if they're already attached to the legitimate AP? If so, the answer's a huge resounding yes - that's the whole point of deauthing the AP. Let's break it down in some easy-to-understand terms so that you can perhaps clarify your question.

Target1 is a person on a laptop; they are at a coffee shop with a WiFi SSID of coffee_shop. You are there with your laptop and Pineapple; we'll call you Attacker1. Let's say you've connected your laptop to your phone via tethering, so internet is shared through the Attacker1 laptop to the attacking Pineapple. OK!

Target1 is already at the coffee shop when you arrive. They are connected to coffee_wifi and happily surfing the net without getting rick rolled, ngrep'd, tcpdump'd, and wtfpwn'd. Lucky them. You arrive on the scene and fire up your laptop to ICS via tethered phone to your Pineapple, which is of course hidden away in your backpack. So right now any newcomer to the coffee shop who has coffee_wifi saved as an AP on their computer/phone/tablet will likely connect to the Pineapple, but only if your signal is stronger than coffee_wifi (because it will respond to the probe request faster). If the newcomer has never been to the coffee shop, and doesn't have coffee_wifi saved on their computer (because they've never connected) but DOES have another open-authentication access point saved on their computer (maybe airport_wifi or something), they will connect to the Pineapple and the user will think they've connected to airport_wifi. Now! On your attacking laptop, you plug in your Alfa USB WiFi and turn on monitor mode and do an airodump-ng to see what's going on in the air around you - yes, you can do it with the Pineapple, but as has been discussed it's a pain in the ass in its present form. So you've got your airodump-ng output on your attacking laptop, and you notice that Target1 is happily surfing away on coffee_wifi. Well, this cannot stand! Again using your Alfa USB AWUS036H, you run aireplay-ng -0 40 and nuke the whole AP down. Now everyone, Target1 and anyone else attached to coffee_wifi, will lose their internet connection, and their WiFi devices will almost instantly begin sending out probe requests for coffee_wifi and every other saved AP they might have at one time connected to. That's when your Pineapple will surely respond with a probe response saying that YES HELLZ YEAH I'M COFFEE_WIFI! So no matter how much more powerful the signal on coffee_wifi might have been than your Pineapple (people sitting far away from you, closer to the AP), that will get them karma'd up with a little yes-man action.

Even if you're attached to coffee_wifi yourself as Attacker1 (you cheapass, go get yourself an Android!), you can do a targeted deauth on coffee_wifi and just pick off each user one by one, yes-man their probe requests and proceed to wtfpwn them.

Now, I may have been totally confused by your question, and if the above doesn't explain anything at all, please rephrase your question using the terms Attacker1, coffee_wifi, Target1, etc. Hope this helped though.

telot

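As an added example (not from this thread or the Pineapple project), here is the defender's side of what telot describes: the two things a wireless IDS can watch for are a deauth flood and one radio answering probe requests for every SSID it hears. It runs over a constructed list of parsed management frames; the addresses, SSIDs and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of parsed 802.11 management frames, not a real capture:
# (time_s, subtype, transmitter_bssid, ssid). One AP answers only for
# coffee_wifi; a second radio answers every SSID probed; 40 deauth frames
# then arrive within two seconds carrying the real AP's address.
FRAMES = [
    (0.0, "probe_resp", "AA:AA:AA:AA:AA:01", "coffee_wifi"),
    (1.0, "probe_resp", "BB:BB:BB:BB:BB:02", "coffee_wifi"),
    (1.2, "probe_resp", "BB:BB:BB:BB:BB:02", "airport_wifi"),
    (1.3, "probe_resp", "BB:BB:BB:BB:BB:02", "hotel_guest"),
    (9.0, "probe_resp", "AA:AA:AA:AA:AA:01", "coffee_wifi"),
] + [(2.0 + i * 0.05, "deauth", "AA:AA:AA:AA:AA:01", "") for i in range(40)]


def deauth_bursts(frames, threshold=20, window_s=5.0):
    """Transmitters sending >= threshold deauth frames inside any sliding
    window of window_s seconds: a flood, not ordinary roaming."""
    times = defaultdict(list)
    for t, subtype, tx, _ in frames:
        if subtype == "deauth":
            times[tx].append(t)
    flagged = []
    for tx, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            while ts[end] - ts[start] > window_s:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(tx)
                break
    return sorted(flagged)


def promiscuous_responders(frames, min_ssids=3):
    """{bssid: ssids} for radios answering probes for min_ssids or more
    distinct networks, the Karma signature of claiming whatever is probed."""
    ssids = defaultdict(set)
    for _, subtype, tx, ssid in frames:
        if subtype == "probe_resp" and ssid:
            ssids[tx].add(ssid)
    return {tx: sorted(s) for tx, s in ssids.items() if len(s) >= min_ssids}


def ssid_conflicts(frames):
    """{ssid: bssids} where one SSID is announced by several transmitters,
    the symptom of a rogue AP impersonating the real one."""
    owners = defaultdict(set)
    for _, subtype, tx, ssid in frames:
        if subtype == "probe_resp" and ssid:
            owners[ssid].add(tx)
    return {s: sorted(b) for s, b in owners.items() if len(b) > 1}
```

A deauth burst that is immediately followed by a new responder for the same SSID is the combination worth alerting on; either signal alone has benign explanations.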

Thanks telot,

Your example was very helpful. I am referring to the incorporation of the said deauth attacks into the MK4 web interface. I'm assuming that since using airodump on the MK4 is a huge pain, this would not be ideal.

I guess another way to express my idea is:

Karma is receiving/picking up probe requests regarding an AP called coffee_wifi. Attacker1 is late on the scene and coffee_wifi already has 50 users actively using it. Would it be possible, and would you be interested in, incorporating some sort of deauth feature to disassociate those 50 users into Karma itself or the Pineapple web GUI?


Can multiple USB devices be used through a USB hub-like device? So perhaps another wireless device can be used for sending out deauth packets, monitoring, etc., all while the Pineapple still uses its antenna for Karma and its clients? Add the 3G modem and a battery. Leave it some place real nice......

....log into it from anywhere and essentially be as if you were physically there, sending deauth packets, airodumping the vicinity, etc...


Can multiple USB devices be used through a USB hub-like device? So perhaps another wireless device can be used for sending out deauth packets, monitoring, etc., all while the Pineapple still uses its antenna for Karma and its clients? Add the 3G modem and a battery. Leave it some place real nice......

....log into it from anywhere and essentially be as if you were physically there, sending deauth packets, airodumping the vicinity, etc...

Depends on their power consumption. If you use a powered USB hub, then you'd probably be okay.


Can multiple USB devices be used through a USB hub-like device? So perhaps another wireless device can be used for sending out deauth packets, monitoring, etc., all while the Pineapple still uses its antenna for Karma and its clients? Add the 3G modem and a battery. Leave it some place real nice......

....log into it from anywhere and essentially be as if you were physically there, sending deauth packets, airodumping the vicinity, etc...

Adding an Alfa USB AWUS036H has been on my list of things to do since I got my hands on the Mark IV. As Barry mentioned, a powered hub would definitely be necessary for multiple USB devices (especially if two of them are additional radios).

Right now you can deauth using the Pineapple's interface (top right on the status page, where it says Airmon-ng). The only problem is getting the BSSID. If you have an Android phone, you can use the program called "Wifi Analyzer" to get BSSIDs and type them into the Mark IV status page and deauth that way. I like to use my Alfa on my laptop primarily because I like airodump-ng - I just love seeing the "full picture" of what all is going on around me. But yeah, you can do almost everything from the Pineapple itself - even running airodump - but that requires a power cycle to get it back and ready to Karma those who you're about to deauth... hence the pain-in-the-ass factor :)

telot
