MY80211
INTEL WIRELESS
Cisco Wireless
CCIE Wireless V3
Wired Stuff
CCIE Wireless v2
WiFi Tablet Corner
My80211 Projects
WiFi Tools
CWNP or BUST Blogs!
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)

 

Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Info
Social Links
Revolution WiFi Capacity Planner

Cerification Guides and Books
Blogroll Call
IEEE 802.11 STANDARDS
Anchor / Office Extends Ports

 

2.4 GHz Channel Overlap

EXAMPLE 1  

EXAMPLE 2

EXAMPLE 3  

Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

LWAPP QoS Packet Tagging

 

 

CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

Interference Types

BLUETOOTH
 

Microwave Oven
 

Cordless Phone

JAMMER!
 

IEEE 802.11a/g/n Reference Sheet

 

« Autonomous: Enable / Disable Web Browser Interface | Main | Cisco Valet - Home Wireless »
Sunday
Apr042010

Pineapple v2 - Jasager -- “The Yes Man” (WiFi man in the middle attack)

DateSunday, April 4, 2010 at 1:07PM

 

 

Robin Wood (DigiNinja) and Darren Kitchen (Hak5) collaborate on the newest Pineapple release called the WiFi Pineapple Version 2. It is running Jasger --In German it means "The Yes Man".

So what is a Pineapple you ask?

Think of a wireless router that detects probe request from clients and this wireless router responds to these probe request with a probe response allowing ALMOST anyone to attach. I see the wheels turning, right ... cool stuff but there is more!

Robin Wood the author of Jasger which is installed on the Pineapple includes the linux program called "Karma". Karma is a web front end that allows you to direct traffic and allows you control of the web content.

So in short, think of man in the middle attack where people attach to you and you can filter and control their traffic and SO MUCH MORE. 

You can purchase one already pre-built for $109. 

http://www.hak5.org/store/wifi-pineapple-version-2

 

Leeched: http://www.digininja.org/jasager/ 

Jasager

Welcome to Jasager - Karma on the Fon.

Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:

  • Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
  • The web interface allows control of all Karma features and can either run fully featured through AJAX enabled browsers or just as well through lynx
  • Auto-run scripts on both association and IP assignment
  • Full logging for later review
  • Pluggable module system for easy extensibility
  • Basic command line interface so you don't have to remember the different iwpriv commands

Please give your feedback, bug reports, comments, praise, etc either throughjasager@digininja.org or on the Hak5 forums.

To pre-empt the question of "Will this work on a laptop instead?", with some slight tweeking it should do but I haven't tested this for two reasons. First, from a security point of view, the web server needs to have some way to execute the iw and if commands. On the Fon everything runs as root by default so this doesn't really create any extra problems on top of what is already there but on a laptop it could be an issue. The second reason is because I have plans for a laptop version which will build on this and run in a much better way due to the extra processor/storage space.

I've recently worked with Orange from the Piranha project to integrate Jasager into his firmware. Together, but mostly Orange, we worked out how to make a Jasager Makefile so it could be built directly into the firmware and as a proper OpenWrt package rather than my original script which built the package with tar and gzip.

Uses

As with any tools, this tool can be used for good or bad. Here are some of the good uses:

  • In your office - Set it up to capture laptops before the bad guys do. Use a website to remind them of the rules.
  • On penetration tests - Lure in target clients to find a back door into networks
  • At home - Have fun with neighbours who try to steal your wifi bandwidth 

AuthorGeorge | CommentPost a Comment | Reference3 References |
tagged , , , ,

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (3)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Notify me of follow-up comments via email.