Post by gettex on Mar 17, 2016 13:23:16 GMT
Hi @ all,
I'm trying to get Fruity to work for a while now. At the beginning I just didn't want to create a topic like "please help, I don't get it to work", so I tried a lot of different setups and settings I found during my research, but I still don't get it to work.
My actual setup is a Raspi 2 with the new Kali 2016.1. Before, I had it installed on Raspbian Jessie with a TL-WN722N (AR9271) and also a Ralink 5370 chipset.
AP and Karma or Mana are starting, the AP is shown, but Karma/Mana aren't doing their job.
Could it be possible for someone to share their fully installed image with Fruity fully working? I just want to take a look at the differences, why I'm not getting the modules to work -.-' Especially iOS devices aren't connecting.
Thank you very much! Greetings, GeTTeX
Post by xtr4nge on Mar 18, 2016 21:38:00 GMT
Hi gettex,
Did you set the OUT interface to provide internet? If you click connect to the broadcasted SSID, are the devices connecting? If you create from the device a network that does not exist (example: bla-001) when Karma or Mana are enabled, is the device connecting?
If you are expecting all the devices to connect automatically, that is not going to happen =/ Some devices still work automatically, but with other devices, user interaction is required.
regards,
Post by gettex on Mar 19, 2016 19:12:38 GMT
Thank you for the reply!
Yes, eth0 is connected, but if I choose "select network" at the device it's not going to connect; also it's not possible for iOS devices to get connected to spoofed APs. Also there are no spoofed networks of the iOS device itself (networks which should be listed, like my grandma's for example). Karma/Mana just send out saved networks of other devices (I think just of Android).
Could you just post your Mana/Karma config files to check for differences, why there are no saved networks of iOS devices? The auto connect isn't that important. I think it could work if Mana/Karma already sent out some saved networks, which they aren't doing right now.
Thank you very much for the help!!
Greetings
Post by xtr4nge on Mar 19, 2016 20:20:06 GMT
Hi gettex,
The setup on the GitHub repository (Mana and Karma) works with iOS without making any changes. I tested it with the latest iOS version and with different devices (5, 5s, 6, 6s) and it works just fine.
Check that Network-Manager is not running, as it can cause some problems:
/etc/init.d/network-manager stop
Also remove/comment the setup for wlan0 (or any wlanX interface being used by FruityWiFi) from /etc/network/interfaces.
You can use the info posted on this thread to debug hostapd, karma and mana manually: fruitywifi.boards.net/thread/65/rpi-kali-01-fruitywifi-issues
Try to connect to the SSID created by FruityWiFi (hostapd, hostapd-mana and hostapd-karma), and after confirming that your device is connecting (without enabling karma/mana), then try with karma/mana in each case.
Also check that DNSmasq is running after starting the AP. If it is not running, then the problem is with DNSmasq (check that the server option is commented in dnsmasq.conf).
regards,
Post by gettex on Mar 21, 2016 13:40:20 GMT
I just tested a few options of WiFi networks at my PC. Does Mana automatically support AES and TKIP? It's really strange. If I use the standard config of Mana/Karma and connect manually to a network named as I wanted (tttt in my case), it's shown after a clean reinstallation of Raspbian and also Fruity. All the other networks (also my home network) are not shown. So just the networks I manually connected to from the iDevice (iPhone 6, newest iOS 9.2.1) are listed after the clean reinstallation, not the ones I'm already connecting to every day.
Edit: dnsmasq is running and the server option in dnsmasq.conf is already commented :/
Post by xtr4nge on Mar 21, 2016 14:14:43 GMT
Hi gettex, Then it is working as expected. You are not going to get all devices to connect to your rogue access point. New devices and/or new versions include countermeasures to prevent these types of attacks, but it still works under some scenarios/situations/conditions. There are new options in AP mode that can be enabled to enforce the attack (monitor mode required on a second interface: picker/scatter/polite). The new modes will increase the chances, but still, some devices/versions/conditions will not be affected.
But still, with a big number of requests (multiple users/devices) you will have a big chance of devices connecting during your pentest. Also, with previous recon performed (smart attack without throwing rocks at the sky), and targeting specific users/devices, you will have a big rate of success.
You cannot force a device to connect to your secure AP, unless you have all the details and you cloned the real AP.
For a real pentest, think smart and plan your attack. A lot of users will fall for common open networks such as Guest networks, Coffee shops, or just because it is a Free WiFi network.
regards,
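Added example, not part of this thread or of FruityWiFi: a defender-side check for the behaviour discussed above, where a Karma/Mana-style AP answers probe requests for whatever SSID a client asks for, including names no real network uses (like the bla-001 test). It flags a BSSID that claims many unrelated SSIDs; the frame records are constructed, and the thresholds are assumptions.

```python
"""Flag Karma/Mana-style rogue APs in a list of observed 802.11 probe frames.
A normal AP answers probes only for the SSID(s) it really serves; a Karma-style
AP answers whatever SSID each client probes for, so one BSSID ends up claiming
many unrelated SSIDs.  Added example; the frame records below are constructed."""
from collections import defaultdict
# Constructed records: (kind, mac, ssid).  "req" = client mac probes for ssid,
# "resp" = AP mac answers (probe response / beacon) for ssid.
FRAMES = [
    ("req", "aa:aa:aa:aa:aa:01", "bla-001"),       # name no real network uses
    ("resp", "02:00:00:00:00:01", "bla-001"),
    ("req", "aa:aa:aa:aa:aa:02", "HomeWifi"),
    ("resp", "02:00:00:00:00:01", "HomeWifi"),
    ("req", "aa:aa:aa:aa:aa:03", "Coffee_Guest"),
    ("resp", "02:00:00:00:00:01", "Coffee_Guest"),
    ("req", "aa:aa:aa:aa:aa:04", "tttt"),
    ("resp", "02:00:00:00:00:01", "tttt"),
    ("req", "aa:aa:aa:aa:aa:05", "HomeWifi"),
    ("resp", "02:00:00:00:00:02", "HomeWifi"),     # legitimate AP, one SSID
    ("resp", "02:00:00:00:00:03", "Corp-WLAN"),    # beacon only, no probe
]

def ssids_per_bssid(frames):
    """Map each responding BSSID to the set of SSIDs it has claimed."""
    seen = defaultdict(set)
    for kind, mac, ssid in frames:
        if kind == "resp":
            seen[mac].add(ssid)
    return seen

def find_karma_candidates(frames, min_ssids=3):
    """BSSIDs that claimed at least min_ssids distinct SSIDs, most first."""
    counts = {b: len(s) for b, s in ssids_per_bssid(frames).items()}
    flagged = [b for b, n in counts.items() if n >= min_ssids]
    return sorted(flagged, key=lambda b: -counts[b])

def echoed_probes(frames):
    """Per BSSID, how often a response repeated the SSID a client had just
    probed for.  Legit APs echo too, so this only supports the SSID count."""
    echoes = defaultdict(int)
    last_probe = None
    for kind, mac, ssid in frames:
        if kind == "req":
            last_probe = ssid
        elif kind == "resp" and ssid == last_probe:
            echoes[mac] += 1
    return dict(echoes)

if __name__ == "__main__":
    for b in find_karma_candidates(FRAMES):
        print(b, sorted(ssids_per_bssid(FRAMES)[b]), echoed_probes(FRAMES)[b])
```

On the constructed frames only the first BSSID is flagged: it claimed four unrelated SSIDs, while the legitimate AP echoed one probe for the single SSID it serves.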
Post by gettex on Mar 21, 2016 14:29:51 GMT
Ok. Thank you for those infos. I'm truly on your side regarding the thoughts on new methods to prevent such attacks, but on an old iPhone 4 I just got those SSIDs spoofed in previous versions (that's why I'm confused right now). Since the update to v2.4 there are also no spoofed networks on this device (no changes to the device made!)
Thank you for your patience!
Edit: if I'm trying to manually connect to a spoofed network it says wlan1 STA xx:xx... IEEE 802.11: deauthenticated due to local deauth request.
So I think there are still some configuration issues on my side. -.-'
Edit2: I just rechecked some settings and for now I'm sure that there are some issues, because even my PC with the RT5370 adapter is not able to get some spoofed APs from its network list.
Couldn't you upload a completely installed setup of a Raspi 2 image with a working Fruity for my second Pi, to make it possible for me to check the differences, especially because you said that your setup is running for quite a few iOS devices? Would be really great!
Post by gettex on Mar 24, 2016 13:35:55 GMT
I rechecked a few settings. Sadly I have to tell you that also my laptop's APs aren't spoofed.
Post by xtr4nge on Mar 25, 2016 20:22:14 GMT
Hi gettex, We will need more context to understand what you are trying to achieve. Start with something simple, HTTP pages from a browser.
If you are trying to do something against secure applications or against applications that are not using a protocol that can be intercepted with the modules that you are using, then you will not get further. Use TCPDUMP to capture the traffic and then do some analysis in Wireshark.
As I mentioned before, you need to plan what you want to do, and what you are going to use to achieve it.
regards,
Post by gettex on Mar 29, 2016 14:33:33 GMT
The thing is, it just seems that Mana/Karma is working with Android devices and not for iOS and/or my notebooks (checked a few devices). You just told me that the new devices might have a feature to block such rogue APs, but that's truly not an option for devices such as an iPhone 4 or an old Windows XP notebook (manufactured ~2001). So I'm just asking for some configuration info of your working setup to see the differences on my side.
Regards, GeTTeX
Post by xtr4nge on Mar 29, 2016 15:45:34 GMT
Hi gettex, No changes are needed. The default setup should work with different devices and platforms. The AP created by Hostapd is being used as a real and normal Access Point by many products. Karma and Mana are modifications of Hostapd. As I mentioned before, try with Hostapd, Hostapd-Mana, Hostapd-Karma.
With some devices you need to provide internet connectivity or the device could reject the connection, or at least, you need to spoof DNS and Servers/Sites.
There is not much to say about this topic. You can search/test/change the hostapd config file to fit your requirements, but the default setup from the repository should work with different devices and platforms.
regards,
Post by ehsan on Dec 26, 2016 21:01:07 GMT
xtr4nge wrote:
> Hi gettex, Then it is working as expected. You are not going to get all devices to connect to your rogue access point. New devices and/or new versions include countermeasures to prevent these types of attacks, but it still works under some scenarios/situations/conditions. There are new options in AP mode that can be enabled to enforce the attack (monitor mode required on a second interface: picker/scatter/polite). The new modes will increase the chances, but still, some devices/versions/conditions will not be affected.
> But still, with a big number of requests (multiple users/devices) you will have a big chance of devices connecting during your pentest. Also, with previous recon performed (smart attack without throwing rocks at the sky), and targeting specific users/devices, you will have a big rate of success.
> You cannot force a device to connect to your secure AP, unless you have all the details and you cloned the real AP.
> For a real pentest, think smart and plan your attack. A lot of users will fall for common open networks such as Guest networks, Coffee shops, or just because it is a Free WiFi network.
> regards,
Hi, as you said, the Karma attack only works under some conditions, for example on clients which connected to an open WiFi before, and can't work on secured WiFi. Does Mana have this limitation?