Jasager

Welcome to Jasager - Karma on the Fon.

Jasager is an implementation of Karma designed to run on OpenWrt on the Fon. It will probably run on most APs with Atheros wifi cards but it was designed with the Fon in mind as it is a nice small AP which gives it a lot of scope for use in penetration tests and other related fun.

A quick highlight of features:

  • Web interface showing currently connected clients with their MAC address, IP address (if assigned) and the SSID they associated with
  • The web interface allows control of all Karma features and can either run fully featured through AJAX enabled browsers or just as well through lynx
  • Auto-run scripts on both association and IP assignment
  • Full logging for later review
  • Pluggable module system for easy extensibility
  • Basic command line interface so you don't have to remember the different iwpriv commands

Please give your feedback, bug reports, comments, praise, etc either through jasager@digininja.org or on the Hak5 forums.

To pre-empt the question of "Will this work on a laptop instead?", with some slight tweeking it should do but I haven't tested this for two reasons. First, from a security point of view, the web server needs to have some way to execute the iw and if commands. On the Fon everything runs as root by default so this doesn't really create any extra problems on top of what is already there but on a laptop it could be an issue. The second reason is because I have plans for a laptop version which will build on this and run in a much better way due to the extra processor/storage space.

I've recently worked with Orange from the Piranha project to integrate Jasager into his firmware. Together, but mostly Orange, we worked out how to make a Jasager Makefile so it could be built directly into the firmware and as a proper OpenWrt package rather than my original script which built the package with tar and gzip.

Uses

As with any tools, this tool can be used for good or bad. Here are some of the good uses:

  • In your office - Set it up to capture laptops before the bad guys do. Use a website to remind them of the rules.
  • On penetration tests - Lure in target clients to find a back door into networks
  • At home - Have fun with neighbours who try to steal your wifi bandwidth