Karmetasploit: Integrated Tools Lower Bar On Hacking Wireless Clients

Posted by Hemant Chaskar on May 25, 2009 2:04:53 AM

Metasploit Framework integrated with KARMA! Metasploit is most potent security penetration and exploit development platform, while KARMA is a potent Evil Twin (Honeypot) tool with attracts unassuming wireless clients. With this integrated tool, it is all the more easier to establish wireless connectivity with probing wireless clients and “Metasploit” them.
http://trac.metasploit.com/wiki/Karmetasploit
http://blog.trailofbits.com/karma/

It has been consistently observed that wireless clients are at great risk of falling prey to Evil Twin because they keep probing for wireless networks in their preferred network list (PNL) all the time. Users often connect to wireless networks at various places and later forget to “clean up” the PNL. For example, the study performed by AirTight at airports worldwide showed large percentage of clients probing for undesirable SSIDs form their preferred network lists.
http://www.airtightnetworks.com/home/resources/knowledge-center/airport-scan.html
This finding was reinforced with the recent scan of financial districts.
http://www.airtightnetworks.com/home/resources/knowledge-center/financial-districts-scanning-report.html.

These realities and developments underscore need for protecting wireless enabled laptops from Evil Twin (Honeypot) and misassociations in general, i.e., wireless connections of clients to APs other than authorized APs.

Topics: Wireless security

Subscribe to Email Updates

Join the Cloud Revolution