lunokhod Posted February 11, 2014 Share Posted February 11, 2014 Hi Everybody, I tried to find a specific help thread on Karma but couldn't... please move this to the appropriate thread if needed. I'm playing around with Karma during a quiet time at work and need some clarification how the black listing works. I have both Mk V wireless interfaces up and working. wlan0 is my Pineapple AP (SSID "Free WiFi"), wlan1 is in client mode and is connected to my works WPA protected WiFi Access Point for internet connectivity. Using my Kali laptop as an example, I entered the MAC address my laptops WiFi adapter in the Karma Client Blacklisting box and clicked add. Karma log does not seem to show that I added the MAC address. I purposely connect to the Mk V via "Free WiFi" for admin purposes, this works OK. But I do notice that my laptop appears in the Karma log section as having a successful association... even though my laptops WiFi adapter is blacklisted. Is this normal behaviour? Lunokhod Quote Link to comment Share on other sites More sharing options...
thesugarat Posted February 12, 2014 Share Posted February 12, 2014 That's normal. Did it try to Karma your laptop? Any connection will show up but as long as it didn't try to drag you in with fake APs you should be good. Also the blacklisted items are held in a file in ram. So it blanks out every time the pineapple resets. Quote Link to comment Share on other sites More sharing options...
lunokhod Posted February 12, 2014 Author Share Posted February 12, 2014 Nope I wasn't "Karma ed"... my kali laptop connects to "Free WiFi" of it's own accord. I have Windows laptop that has previously connected to other open WiFI access points (not Free WiFi) that Karma successfully works with.I just wanted to make sure that a seeing non Karma "assisted" connection appearing in the Karma tile was normal.Can't wait for black/white lists to be persistent. Sort of painful having to set them up each time the WiFi Pineapple is powered up. Quote Link to comment Share on other sites More sharing options...
lunokhod Posted February 14, 2014 Author Share Posted February 14, 2014 (edited) While I've got a Karma thread happening... What criteria need to be met for a client to appear in the Karma Intelligence Report screen? I've left Karma running on an external antenna today and see a lot of these messages in Karma Log :- KARMA: Successful association of c4:62:ea:7a:61:1dKARMA: Successful association of 00:02:6f:34:fa:35 KARMA: Successful association of 10:68:3f:7a:15:ac KARMA: Successful association of 00:0a:eb:30:0f:23 ...but only this client has appeared in the Karma Intelligence Report :- 00:0a:eb:30:0f:23 172.16.42.183 android-78e774527501d209 Can anyone tell me why I'm seeing this? Edited February 14, 2014 by lunokhod Quote Link to comment Share on other sites More sharing options...
PanamaJim Posted February 14, 2014 Share Posted February 14, 2014 (edited) lunokhod, thanks for bringing up this topic. I've been playing with Karma over the past few days trying to wrap my head around the functionality as presented in the web page versus what can be done from the command line. A few things have come up. In the older versions of the MkIV the Karma Intel Report had links to detailed information. I have yet to see this under the 1.0.4 firmware of the MkV. I took a look at the coding and the code seems to be there so I must ask the question: am I looking in the wrong location in the GUI? I'd love some suggestions on how to maximize the utility of Karma. At the moment I understand how to leverage Karma to capture unsuspecting web surfers but toss some ideas out there to get the innovation juices flowing. I'd love some examples of how others have used Karma to catch the errant web surfers and then passed them onwards to some the other infusions for further handling. In my current work up I've created duplicates of selected web pages of our corporate web site such as the e-mail log on. The victims arrive via the DNSSpoof infusion. I'd like to work up a scenario where the Pineapple is placed as a rogue AP and have it capture people's WiFi devices, especially in some of the non-WiFi designated offices. Once they've been captured I'd like to deposit a cookie or other piece of text on their device to act as a "proof of concept" that their device was victimized. My apologies in advanced if I'm hijacking the thread to far from its original theme but I do think they are related. Edited February 14, 2014 by PanamaJim Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.