KARMETASPLOIT
Karmetasploit is Metasploit’s implementation of
KARMA, a set of wireless security tools developed
by Dino Dai Zovi and Shane Macaulay. KARMA takes
advantage of a vulnerability inherent in the way Windows
XP and Mac OS X operating systems search
for networks: When each system boots, it sends beacons
looking for networks to which it has connected
previously.
An attacker using KARMA sets up a fake access point on his computer
and then listens for and responds to these beacons from the target, pretending
to be whatever wireless network the client is looking for. Because most client
computers are configured to connect automatically to wireless networks they
have already used, KARMA can be used to gain complete control of a client’s
network traffic, thus allowing an attacker to launch client-side attacks, capture
passwords, and so forth. With the prevalence of poorly secured corporate
wireless networks, an attacker using KARMA can sit in a nearby parking lot,
adjacent office, or similar location, and gain access to a target’s network with little
effort. You can read more about the original implementation of KARMA at
http://trailofbits.com/karma/.
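Because a KARMA access point answers for whatever network a client asks about, it can be spotted from the defender's side: a single radio replies on behalf of many unrelated network names, including names that do not exist. The following detection sketch is an added example, not code from the book or from Metasploit. In 802.11 terms the client's search frames are probe requests and the replies are probe responses; the record layout, MAC addresses, SSIDs, the canary name and the `max_ssids` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (frame_type, transmitter_mac, ssid) records as a
# monitor-mode sensor might log them. For probe responses the transmitter
# is the access point's BSSID. All values are made up.
SAMPLE_FRAMES = [
    ("probe_req",  "aa:aa:aa:00:00:01", "CorpWiFi"),
    ("probe_resp", "02:00:00:00:00:99", "CorpWiFi"),
    ("probe_req",  "aa:aa:aa:00:00:02", "HomeNet-5G"),
    ("probe_resp", "02:00:00:00:00:99", "HomeNet-5G"),
    ("probe_req",  "aa:aa:aa:00:00:03", "CoffeeShop"),
    ("probe_resp", "02:00:00:00:00:99", "CoffeeShop"),
    ("probe_resp", "00:11:22:33:44:55", "CorpWiFi"),       # legitimate AP
    ("probe_req",  "aa:aa:aa:00:00:04", "canary-7f3a9c"),  # sensor's random SSID
    ("probe_resp", "02:00:00:00:00:99", "canary-7f3a9c"),
]


def find_karma_suspects(frames, canary_ssids=(), max_ssids=2):
    """Return {bssid: [reasons]} for APs that behave like a KARMA responder.

    Two heuristics (thresholds are assumptions, tune per site):
      1. one BSSID sends probe responses for more than max_ssids names;
      2. a BSSID answers a canary SSID that the sensor invented and that
         no real network uses.
    """
    ssids_by_bssid = defaultdict(set)
    for frame_type, mac, ssid in frames:
        if frame_type == "probe_resp" and ssid:
            ssids_by_bssid[mac.lower()].add(ssid)

    canaries = set(canary_ssids)
    suspects = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        if len(ssids) > max_ssids:
            reasons.append(f"answered for {len(ssids)} distinct SSIDs")
        hits = sorted(ssids & canaries)
        if hits:
            reasons.append("answered canary SSID " + ", ".join(hits))
        if reasons:
            suspects[bssid] = reasons
    return suspects


if __name__ == "__main__":
    for bssid, why in find_karma_suspects(SAMPLE_FRAMES, ["canary-7f3a9c"]).items():
        print(bssid, "->", "; ".join(why))
```

The canary check is the stronger signal of the two, since a legitimate access point has no reason to answer for a name that was generated at random by the sensor.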