Home 0P3N Blog KARMA: A MITM Attack
Ready to Start Your Career?
Create Free Account
bachan s profile image
By: bachan
October 25, 2016

KARMA: A MITM Attack

By: bachan
October 25, 2016
bachan s profile image
By: bachan
October 25, 2016
rsz_mitmHello, Cybrarians !It's time to gain some information about man-in-the-middle attack. Most of you people ever heard about the attack KARMA which I am going to explain here. So, let us start.

What is KARMA ?

KARMA stands for Karma Attacks Radio Machines Automatically. A radio machine could simply be a smart-phone, tablet, laptop or any wi-fi enabled device. It is a man-in-the-middle attack that it creates a rough AP and attacker could intercept all the traffic passing from the AP.First, we'll talk about the working of the wi-fi. Every time you on your wi-fi, your device start sending probe requests.Let's suppose you were connected to pawnshop wi-fi network so your device remembered it. Now here the KARMA attack takes place. Suppose your wi-fi is on, so your device is sending probe requests continuously (you are 1000 km away from the pawnshop wi-fi network). When a KARMA enabled device (attacker device) listens for the probe request, it intercepts the probe request packet and generates the same AP for which the device is sending probes. When the device gets a probe response and it is being remembered then device tries to connect to roughAP and when the connection is being established  your data traffic is passing from the roughAP (attacker) which can be intercepted. It doesn't matter how far the pawnshop wi-fi is from your device.All the other wi-fi devices, like routers, KARMA device doesn't emit beacon frames. But when it listens to a probe request for a specific SSID then it generates the wi-fi for the SSID to deliver the client. A client sees the SSID is available there and tries to connect. You can write your own script for making your own KARMA enabled device or there is hardware available, named WiFi pineapple for performing these types of attacks.I hope you understand. There is another post written by me https://www.cybrary.it/0p3n/fluxion-tool-hacking-wi-fi-without-dictionary-bruteforce/Thanks! If you like what I do, please support me on my youtube channel by subscribing.
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry