Jump to content

Jasager/karma Vs Open, Wep, Wpa


Recommended Posts

Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi.

Link to comment
Share on other sites

Now I only have outdated information and was seeking a bit of clarification. Is jasager/karma effective against anything other than open wireless networks? Since the pineapple doesn't know the psk for WEP and WPA networks it cannot spoof as them and be auto connected to can it? And if so, is the pineapple still really that effective especially since more and more devices just like windows 7 frown away from auto connecting to open wifi.

Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web. They will connect willingly.

Link to comment
Share on other sites

Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web. They will connect willingly.

Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness.

Link to comment
Share on other sites

Correct, I was just discussing on IRC, I have no doubt that people will willingly connect for the free wifi but the Jasager portion of all this is getting more and more outdated. If it wasn't for the ease of use and attack tools now builtin to the pineapple it really would be on the decline in usefulness.

It really depends on where you do your recon. I've used the pineapple MKIV on university campuses and public transit with great success. Sure Windows 7 is no longer auto connecting, but that doesn't mean phones aren't. (And with a typical SSID like "ATT Open WiFI" people almost always connect to it manually if they see it.

Link to comment
Share on other sites

Hmmm windows 7 doesn't auto connect any more? that news to me :/ did mac ever and does it still auto connect? also just out of curiosity the other day i was messing with my pineapple and my laptop, which is connected to my wpa secure wifi network, was seeing both my network (the secure one) and another network with the exact same name as mine but it was open, is this karma that is doing this? i don't fully understand it... also i noticed the singal level on the open one was low, likr one bar, but when i connected to it it was full strength...

Link to comment
Share on other sites

I also see karma'd versions of secure networks but a lot of people wouldn't realise the significance of secure wireless vs open wireless and would connect to a ssid they reconise regardless. The usefulness of been able to change the pineapples default broadcast ssid to a custom one is also underestimated, I've had many clients connect on the old mk3 without karma, purely because the default ssid looks good, something like 'campus wifi' or 'free wifi' Normally gets hipsters really excited.

Link to comment
Share on other sites

The wifi system on the WII only looks at the SSID of the network before it connects to it.

My WII is only set to connect to a my wpa-psk wifi network but it always ends up on the pineapple with the encrypted SSID name.

I think one or two older OSes would do this but it been fixed now.

Link to comment
Share on other sites

Only works for open network, no auth. But do not underestimate the need for people to facebook/twitter/pinterest/web/bank/email/ebay/craigslist/resume submission/etc. They will connect willingly.

Fixed 'er up for ya. :) I've seen all of the above just from a single coffee shop/cafe drop.

Depending on your expectations and target environment, Jasager/Karma is as effective now as it ever was. Sure, you may not capture a few Win7 machines, and if that's all that you're targeting, then you've got some extra work to do in order to get them to connect...limited only by your imagination.

As another poster pointed out, coupled with the ability to change the SSID, I find there is no shortage of sheeple and hipsters who will blissfully connect to our tasty, forbidden fruit, entirely unaware of the MitM. :)

Link to comment
Share on other sites

Fixed 'er up for ya. :) I've seen all of the above just from a single coffee shop/cafe drop.

Depending on your expectations and target environment, Jasager/Karma is as effective now as it ever was. Sure, you may not capture a few Win7 machines, and if that's all that you're targeting, then you've got some extra work to do in order to get them to connect...limited only by your imagination.

As another poster pointed out, coupled with the ability to change the SSID, I find there is no shortage of sheeple and hipsters who will blissfully connect to our tasty, forbidden fruit, entirely unaware of the MitM. :)

one of the best places to pentest is a busy movie theater,

I changed the ssid to ("name of theater" FREE) and was surprised that over half of the people connected used the ssid.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...