I know where you live

OWASP Czech Chapter Meeting

An introduction into the KARMA attack, exploiting the behavior of some Wi-Fi devices, where vulnerable clients broadcast a “preferred network list” (PNL), which contains the SSIDs of access points to which they have previously connected. We will revisit the old technique, current defenses applied by vendors and build a custom access point using Raspberry Pi & Python.

---

Source code

• https://github.com/vavkamil/SpyPortal

Slides

• https://vavkamil.cz/assets/slides/2021-08-05-where-you-live.pdf