Karma on the Fon
For six months on and more off i have been working on a project called the Wi-Fi Pineapple first featured on the brilliant home-brew tech show Hak5.
The original problem was, when you are trying to own noobs on the wireless man-in-middle… you had to do it on an individual basis. Now, thanks to @Mubix @RobinWood and @DarrenKitchen we have the project Jasager and a thing called Karma installed onto a FON access point.
What it does is takes advantage of the way Macintosh and Windows computers work with stored favourite wireless access points. So, when you have say your windows laptop and you take it home, you set it up once to access your home access point and from then on when you are home it will automatically connect when in range. When you are trying to be productive and visit your local starfuks coffee shop to do some work, your laptops first job is to see where it is, and if any of your favourite wireless networks are in range by sending out a Probe Request.
The pineapple quietly sitting there scanning the 2.4GHz airways for your probe request packets, sees your request and Sais “YE, I’m your home access point (SSID)” or “YE, I’m your works access point (SSID)” and your laptop connects the pineapple where the noob will be none the wiser, there just happy to be on the internet looking at noobtube. All the time we are in the middle of their traffic able to intercept packets and all that good stuff.
What makes the Jasager so brilliant is its ajax interface where we can securely log in to the backend ether through the Ethernet port of by making a personal SSID to access it wirelessly and watch the noobs logon to the pineapple in real-time with their basic information, MAC address PC name and what IP address they have been assigned.
From there we can take it easy, we have them assigned with DHCP they are on the internet with us in the middle. From there we can power up Wireshark and check out there packets, or step it up and run Cain & Abel. That’s the neat thing about this project, once you have them in the honey-pot you can break out all your best tools and work away.
Now I have only just got my pineapple working a few hours before this year’s #BCBlackpool 2010 so was unable to demo it working, and as yet not even taken it out into the wild. I hope to be able to “TEST” at my local StarFuks coffee shop with the aid of a “Willing, Compliant” laptop or two.
I certainly can’t condone hacking anyone’s Wi-Fi connection as such a thing is legal and against the telecommunications act. It’s more of a learning of how to best protect your wireless when out in the wild.
- A FON 2100 [UNDER ANY CIRCUMSTANCES PLUG HIM INTO THE INTERNET!!]
- FON must be wearing firmware version 0.7.1 r1
- Software like PuTTY / WinSCP to SSH onto FON