KARMETASPLOIT

Karmetasploit is Metasploit’s implementation of 
KARMA, a set of wireless security tools developed 
by Dino Dai Zovi and Shane Macaulay. KARMA takes 
advantage of a vulnerability inherent in the way 
Windows XP and Mac OS X operating systems search 
for networks: When each system boots, it sends 
beacons looking for networks to which it has connected 
previously.

An attacker using KARMA sets up a fake access point on his computer 
and then listens for and responds to these beacons from the target, pretending 
to be whatever wireless network the client is looking for. Because most client 
computers are configured to connect automatically to wireless networks they 
have already used, KARMA can be used to gain complete control of a client’s 
network traffic, thus allowing an attacker to launch client-side attacks, capture 
passwords, and so forth. With the prevalence of poorly secured corporate 
wireless networks, an attacker using KARMA can sit in a nearby parking lot, 
adjacent office, or similar, and gain access to a target’s network with little 
effort. You can read more about the original implementation of KARMA at 
http://trailofbits.com/karma/.
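The behaviour described above leaves a recognizable trace for a defender: a single access point that answers clients' searches for many unrelated network names. The following detection sketch is an added example, not part of the original text; the log format, MAC addresses, SSIDs, and the `max_ssids` threshold are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample capture log (assumed format):
# time, frame type, transmitter MAC, receiver MAC, SSID
SAMPLE_LOG = """\
10.01,probe-req,00:11:22:33:44:55,ff:ff:ff:ff:ff:ff,HomeNet
10.02,probe-resp,de:ad:be:ef:00:01,00:11:22:33:44:55,HomeNet
10.40,probe-req,00:11:22:33:44:55,ff:ff:ff:ff:ff:ff,CoffeeShop
10.41,probe-resp,de:ad:be:ef:00:01,00:11:22:33:44:55,CoffeeShop
11.10,probe-req,66:77:88:99:aa:bb,ff:ff:ff:ff:ff:ff,CorpWLAN
11.11,probe-resp,de:ad:be:ef:00:01,66:77:88:99:aa:bb,CorpWLAN
11.12,probe-resp,02:00:00:00:10:01,66:77:88:99:aa:bb,CorpWLAN
12.00,probe-req,66:77:88:99:aa:bb,ff:ff:ff:ff:ff:ff,AirportFree
12.01,probe-resp,de:ad:be:ef:00:01,66:77:88:99:aa:bb,AirportFree
"""


def find_karma_like_aps(log_text, max_ssids=2):
    """Return {transmitter MAC: sorted SSIDs} for access points that answered
    client searches for more than max_ssids distinct network names.

    max_ssids is an assumed threshold; tune it to the site's real APs.
    """
    searched = set()              # (client MAC, SSID) pairs clients asked for
    answered = defaultdict(set)   # AP MAC -> SSIDs it claimed to be
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue              # skip blank or malformed lines
        _, frame_type, src, dst, ssid = row
        if frame_type == "probe-req" and ssid:
            searched.add((src, ssid))
        elif frame_type == "probe-resp" and (dst, ssid) in searched:
            # Only count answers that echo a name this client asked for.
            answered[src].add(ssid)
    return {ap: sorted(names) for ap, names in answered.items()
            if len(names) > max_ssids}


if __name__ == "__main__":
    for ap, names in find_karma_like_aps(SAMPLE_LOG).items():
        print(f"suspicious AP {ap} answered for: {', '.join(names)}")
```
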