-
Notifications
You must be signed in to change notification settings - Fork 128
Proportionality Options
By default, mana will try to Hack The Planettm, that is to say, it will indiscriminately target every device and rebroadcast every probed for network. If you enable loud mode, even more so.
You can limit this.
You can white list only specific SSIDs to be rebroadcast and ignore any others. This is done by adding the following option to your hostapd.conf:
mana_ssid_filter_file=hostapd.ssid_filter
hostapd.ssid_filter
is a file containing a list of SSIDs, one per line e.g.:
FBI Surveillance Van
Home
By default, most access points, including hostapd, will allow you to specify a MAC address filter. This will allow/deny specified MAC addresses from associating. This is done using the following default hostapd.conf options:
# 0 = accept unless in deny list
# 1 = deny unless in accept list
macaddr_acl=1
accept_mac_file=hostapd.accept
deny_mac_file=hostapd.deny
00:00:00:00:00:00
format), one per line
.
In mana I took things further, and created an ACL that will allow/deny MAC addresses from being sent any management frames at all i.e. no probe responses. This can allow you to effectively hide mana’s activities from some device IDs.
This is enabled with the following config option, and requires the normal MAC ACL functionality to have been configured:
mana_macacl=1
In addition, I extended the hostapd.accept and deny files, to allow for bitmasks against the MAC address. An idea I originally saw in airodump-ng. Here’s an example of such an entry from the sample hostapd.accept:
00:11:22:33:44:55 ff:ff:ff:00:00:00
00:11:22:
.
More complex options are available. For example, randomised MAC addresses can be identified because the second bit of the first group is set. So a line such as this would match these:
02:00:00:00:00:00 02:00:00:00:00:00