Karma... And What Else?

[Tataboutlamin]

Ok so... how Karma works?

I ran the script (from backtrack5) after being connected to an AP I wanted to "spy".... to be honest, It's my own router at home.

So my equipments are : my PC, my laptop and my smartphone (android samsung nexus S)

So Pineapple Wifi is plugged with my laptop.... my laptop is connectedon on my router (my router is connected to my PC). I launch the script on my laptop with backtrack 5, everything is going fine and my laptop has access on internet through my router AND access through my pineapple wifi....

I enable the karma option on my laptop....

My smartphone is not connected on my home router..... then I enable my wifi connection on my smartphone so it will connect on my router.....

on my laptop I see : Karma : probe request from {MAC address of my smartphone} for SSID {SSID of my router}

BUT IT'S OVER !!!!!!

On websites or forums we can see that it's making "connection" or whatever.....

What should I do to have "that" connection between my Pineapple Wifi Mark IV and people around me? I'm talking about myself as a victim... my own smartphone is trying to reach my router, and pineapple gets that probe request, but it doesn't established the connection I wanted!

Thanks

[iamk3]

Is your home router secured? Karma only "spoofs" open networks. If you have never connected to an open network on your phone, it won't connect to the pineapple. Also, more and more I am seeing OS/ROM makers changing settings where a device won't connect automagically to open networks...

[Tataboutlamin]

the only thing that i can see is this :

-------

IP address HW type Flags HW address Mask Device

172.16.42.206 0x1 0x2 14:da:e9:19:7f:f6 * br-lan

172.16.42.42 0x1 0x0 14:da:e9:19:7f:f6 * br-lan

KARMA: ENABLED

KARMA: Probe Request from 74:f0:6d:93:a3:a2 for SSID 'ulaval-wpa'

KARMA: Probe Request from 5c:95:ae:cf:6b:0c for SSID 'Hotel*Universel'

KARMA: Probe Request from 5c:95:ae:cf:6b:0c for SSID 'Cage-Ste-Foy'

KARMA: Probe Request from 88:c6:63:89:35:87 for SSID 'reseau-maison'

KARMA: Probe Request from 88:c6:63:89:35:87 for SSID 'VIA_Train'

KARMA: Probe Request from 00:21:5d:62:59:56 for SSID 'ulaval-wpa'

KARMA: Probe Request from 70:1a:04:97:f0:94 for SSID 'ulaval-wpa'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'NETGEAR'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'Not Yours!'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'AERO WI-FI'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'A&O Lobby FREE'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'AO Lobby FREE'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'tomato-kn'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'BTOpenzone'

KARMA: Probe Request from 58:55:ca:64:79:d2 for SSID 'Wifi-CIARUS'

-------

and it goes on and on.... what can i do after that? nothing is connecting?

[Razzlerock]

I'm seeing something similar on v2.7. I see lots and lots of probe requests (maybe 50) but only 1 client actually connected. I would say at least 20 of the SSIDs probed are open.

Is Karma broke, or is it a client thing?

I'd be interested to hear other thoughts, as Karma is 'THE' single most important tool for the pineapple and should be bullet proof.

Razzlerock

[Tataboutlamin]

My question is : how to broadcast? Is it just in the configuration tab changing my pineapple SSID for an open SSID prob and voila? Or there is more to do that i don't understand?

How to fake an SSID and hide it so that we don't see 2 same SSIDs???

[01000010]

well I will say try quick karma test.

setup every thing, then on victim connect to hidden network and punch something in using no encryption If you connect then your karma/pineapple is working.

As to faking an SSID, You just set the karma config file to not broadcast its ssid, then it will only display ones that are created from victims probes not one you set.

[PineDominator]

yesterday I had same issue not one person connected but me in about an hour??? it was a heavy trafic area where all of us were pen testing:-)

[Razzlerock]

So, I worked out what I was doing wrong..... *sigh*

I thought that the SSID you configured in 'Configuration' (Karma SSID) or using the Network Manager module was for management-only. Therefore, I set this to an SSID I knew, lets say 'my-wireless' with a PSK. I could now manage the pineapple wirelessly and securely with the PSK. This obviously breaks Karma (relies on open authentication). I set my wireless SSID 'my-wireless' back to open authentication, and now clients can connect when they probe for an SSID (Karma kicks in and says 'yes, im here').

Is there a way to configure no SSID? In other words, there is no need to configure an SSID because I do not want to use wireless for management. I want to use the wireless ONLY for karma so that clients that probe for an SSID will auto-connect to me. Any thoughts?

Razzlerock

[creatox]

either get the network manager module, there is "dont broadcast ssid" option

or i think you can:

iwconfig wlan0 essid off

[Razzlerock]

The 'don't broadcast ssid' doesnt stop the SSID from functioning, it just means that you must 'know' the SSID before hand or wait for someone to connect to it and then you can see the SSID in the probes. The second command seems interesting. So you think this will effectively disable the use of an SSID but still allow Karma to work? That would be beautiful.

Razzlerock