Jump to content

"Spoofing" open SSIDs


HackYourMind
 Share

Recommended Posts

This is a noob question, but I am still trying to figure out.

How do I go about spoofing an open network in the area? Let's say I am at Starbucks, and the Wifi name is "Starbucks Wifi" - In Karma configuration do I just change my SSID to "Starbucks Wifi"? Wouldn't that cause some sort of conflict. Also, how would I get those people who have had their preferred network as "Starbucks Wifi" to connect to my pineapple instead of the real deal?

Link to comment
Share on other sites

If you set your SSID to the spoofing target, clients intending to connect to "Starbucks Wifi" will connect to you, provided your signal and quality is better then the actual network. This is generally a matter of proximity being the main factor.

A client currently connected to the target network will not leave to connect to you automatically, this is where you would want to run a deauth attack.

Wifi devices are relatively trusting in the greater scheme of technology, two networks broadcasting the same SSID won't cause a conflict.

When a client whose preferred network is "Starbucks Wifi" prepares to connect, it will connect to your network, conditional on the factors mentioned above, just like a client who is manually connecting.

Link to comment
Share on other sites

in the GUI under the Karma sub-page 3rd tab over Karma config you will see SSID. the default is Pineapple_<last 4 of the MAC>

change that to "Starbucks"

if you are using the CLI the config file is /var/run/hostapd-phy0.conf

scroll to the bottom you will see

wpa=0

ssid=pineapple_123 <--edit this

bridge=br-lan

NOTE: dont go messing with the settings unless you know what you are doing. otherwise you'll have to flash the FW.

Edited by kerpap
Link to comment
Share on other sites

This is a noob question, but I am still trying to figure out.

How do I go about spoofing an open network in the area? Let's say I am at Starbucks, and the Wifi name is "Starbucks Wifi" - In Karma configuration do I just change my SSID to "Starbucks Wifi"? Wouldn't that cause some sort of conflict. Also, how would I get those people who have had their preferred network as "Starbucks Wifi" to connect to my pineapple instead of the real deal?

Ingsoc explained it well.

When dealing with WiFi access points, you need to know 3 things. BSSID, ESSID and encryption method.

1. The ESSID is the name of the access point, which can be "My Home Network" or "Laundromat WiFi".

2. The BSSID is the MAC address of that access point.

3. The encryption method is whether it's Open, WPA, etc.

The SSID you refer to is the ESSID and the mobile device associates the ESSID along with the BSSID together. So it would be like you showing up at John's house and asking for John (ESSID) but to make sure you're at the right place, you check the mailing address of the home to make sure (as there's a lot of "John's" in the world).

To fool the person, it's easy to spoof the ESSID because you can name it whatever you want, it's mainly there to make it easier for mobile device users to distinguish each access point within range.

So to use a laundromat scenario, if the access point for WiFi is 200 feet away and John is outside waiting for his clothes to finish drying surfing the net, you need to disconnect him by deauthing him first.

Then you have your spoofed access point running Karma having it closer to him (mostly for a stronger signal) so that his mobile device chooses to connect to you instead. When he checks his device to see if he's still connected, he'll see the spoofed ESSID and as long as he has internet, will continue to surf the web. Your pineapple could be located in a parked car very near John but out of sight.

Edited by Lockon
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...