Linux tools, Howtos


Tools Index


Wireless Commands


FC6 Build Howto


FC5 Build Howto


FC4 Build Howto


Live Linux Distros



Site Search







WIN32 tools, Howtos


Tools Index



Get Firefox!





Miscellaneous WI-FI


Default WI-FI Settings


Rogue AP Howtos


WI-FI Certifications


802.11 Standards




Formats / Extensions


WI-FI Home Security


Useful Links







Project homepage:

"KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. From there, individual clients can be targeted by creating a Rogue AP for one of their probed networks (which they may join automatically) or using a custom driver that responds to probes and association requests for any SSID.  Higher-level fake services can then capture credentials or exploit client-side vulnerabilities on the host." -

Download latest stable code (currently KARMA SNAPSHOT 20060124) from

Local Mirror: karma-20060124.tar.gz  MD5: e9d4ccbda89b4b1cd70eefb1db339d0a

Installing KARMA

Using KARMA (discovery)

Using KARMA (Rogue Services)



Installing KARMA:

The following installation process assumes that you are utilising the FC4 Auditing Laptop Build as described in the Auditing Laptop Build: HOWTO all other builds have not been tested. 


Thanks to Dino Dai Zovi (tools co-author) for the new KARMA snapshot, which is easily installed on FC4.


tar zxvf karma-20060124.tar.gz


cd karma-20060124


cp  src/misc/madwifi.patch  /root


cd /root


patch -p0  <  madwifi.patch


ln -s  /sbin/iwconfig  /usr/sbin/iwconfig


ln -s  /sbin/iwpriv  /usr/sbin/iwpriv


ln -s  /sbin/iwevent  /usr/sbin/iwevent


yum install ruby (answer "y" when prompted).



Using KARMA (discovery):


cd /tools/wifi/karma-20060124


bin/ ath0


(cd ./src/ && make) && ./src/karma ath0



"This display will list wireless clients in range and the networks they send probe requests for.  This reveals the entries in their preferred networks list." -


KARMA runs in stealth mode so basic wireless scanning activity (e.g. Netstumbler) will not detect the servers presence.



Using KARMA (Rogue Services):


KARMA also provides a number of other configurations stored in karma-20060124/etc







karma-scan.xml - "Attempts to find insecure wireless clients that will associate to rouge network and possibly obtain IP address via DHCP". -




cd /tools/wifi/karma-20060124


bin/  ath0


bin/karma  etc/karma-scan.xml




Now the rogue services are started any probing clients will now connect to KARMA on our machine whichever SSID their machine chooses to use.




Above we can see the client received the IP address from KARMA's DHCP server.







karma.xml - "Runs a rogue base station with DHCP, DNS and HTTP services.  The HTTP service re-directs all requests to the ExampleWebExploit module that displays a simple HTML page.  This page can be replaced with something that informs the user that their wireless settings are insecure and that it may be a violation of corporate policy etc" -




cd /tools/wifi/karma-20060124


bin/  ath0


bin/karma  etc/karma.xml




KARMA is now offering a variety of services (POP, FTP and HTTP) for any curious user to connect up to.




Above we can see an attempted FTP connection to which actually was received by KARMA and the users credentials - username = myusername and password = mypassword were capture by KARMA.







karma-lan.xml - "This configuration runs a  rogue DHCP, DNS and HTTP services on an existing (wired) network connection.  The HTTP service redirects all requests to ExampleWebExploit module that displays simple HTML page" -




cd /tools/wifi/karma-20060124


bin/  ath0


bin/karma  etc/karma-lan.xml


The karma-lan.xml configuration file provides you with all the features (e.g. to capture POP, FTP and HTTP traffic) of karma.xml but for a wired interface.

Many thanks to Dino Dai Zovi for producing the new KARMA snapshot without which this guide would not exist.


   Copyright 2010 All Rights Reserved.