Karma RogueAP(Powerfull Wireless Pen-Testing Tool)

Posted: Sunday,July 20, 2008 in Wifi-Hacking
Tags: , , , , , , ,


Project homepage: http://theta44.org/karma/index.html

“KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID.  Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.” -http://theta44.org

first of all install the latest madwifi snapshots here


bt ~#tar -zxvf madwifi-trunk-r3813-20080720.tar.gz

bt ~#cd madwifi-trunk-r3813-20080720

bt ~#make && make install

bt ~ # ln -s  /sbin/iwconfig  /usr/sbin/iwconfig
bt ~# ln -s  /sbin/iwpriv  /usr/sbin/iwpriv
bt ~#  ln -s  /sbin/iwevent  /usr/sbin/iwevent
bt ~# airmon-ng start ath0
bt ~#airmon-ng start wifi0

Putting the card into monitor mode

bt ~#wlanconfig ath0 destroy

bt ~#wlanconfig ath0 create wlandev wifi0 wlanmode master

goto karma directory

karma.xml “Runs a rogue base station with DHCP, DNS and HTTP services.  The HTTP service re-directs all requests to the ExampleWebExploit module that displays a simple HTML page.  This page can be replaced with something that informs the user that their wireless settings are insecure and that it may be a violation of corporate policy etc” -http://theta44.org

bt karma#bin/monitor-mode.sh ath0

bt karma#(cd ./src/ && make) && ./src/karma ath0

bt karma#

bt karma#bin/karma  etc/karma.xml

Now the rogue services are started any probing clients will now connect to KARMA on our machine whichever SSID their machine chooses to use.

Iwconfig output showing ath0 working as RogueAP.we can see bssid of RogueAP

We can see our FakeAP is working now and broadcasting BSSID & other clients probing for legitimate AP automatically connects with our rogueAP

karma-scan.xml – “Attempts to find insecure wireless clients that will associate to rouge network and possibly obtain IP address via DHCP”. -http://theta44.org

bt karma#bin/karma etc/karma-scan.xml


This tool have layer attack approach.I am still working on it so that we can lauch more attack like Nmap scanning and metasploit for exploit the known vulnerabilites.

  1. Ray says:

    Quick question. Do most Wi-Fi pentesting tools work with
    the USB type of adapters?



  2. wifi0wn says:

    You can OPT for Alfa & Edimax,Linksys WUSb54GC type cards which are USB Dongles & supports injection well right out of the box.for more info search backtrack HCL Wiki

  3. Comp says:

    Hi I need the code for karma.sh please thanks

  4. wifi0wn says:

    karma.sh itself is shell source code file.check it out using vi or nano or kwrite

  5. Comp says:

    Hi yes it is a shell but it ask’s for a activation code that it send’s to your email but I can not find where to change the default email to my one thanks

  6. wifiyes says:

    hi where can i download karma.sh and how do i get the activation code or how do i set it all up many thanks

  7. Wifiman says:

    Hi got karma.sh opened it up with kwhigt and it is not english some kind of computer encrypt please can some one help me try and read it please

  8. Jamil says:

    Plz give me the activation code for karma.sh…………!!!!!!!Thnx

  9. Jamil says:

    Hi I need the code for karma.sh please

  10. gino says:

    Could you please give me the all details.Because i’m new to BT.

  11. gino says:

    can’t download ..need help

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s