Skip to content

Proportionality Options

Dominic White edited this page Jul 23, 2018 · 4 revisions

Proportionality

By default, mana will try to Hack The Planettm, that is to say, it will indiscriminately target every device and rebroadcast every probed for network. If you enable loud mode, even more so.

You can limit this.

SSID Whitelisting

You can white list only specific SSIDs to be rebroadcast and ignore any others. This is done by adding the following option to your hostapd.conf:

mana_ssid_filter_file=hostapd.ssid_filter
Where hostapd.ssid_filter is a file containing a list of SSIDs, one per line e.g.:
FBI Surveillance Van
Home
Practically, it’s usually a good idea to first run without the whitelist, but with SSID logging on, so you can get a feel for what’s out there and prep a whitelist. You could also check WiGLE for potential target networks beforehand.

Normal MAC Address Access Control Lists

By default, most access points, including hostapd, will allow you to specify a MAC address filter. This will allow/deny specified MAC addresses from associating. This is done using the following default hostapd.conf options:

# 0 = accept unless in deny list
# 1 = deny unless in accept list
macaddr_acl=1
accept_mac_file=hostapd.accept
deny_mac_file=hostapd.deny
Where hostapd.{accept|deny} has a list of MAC addresses (in 00:00:00:00:00:00 format), one per line .

Mana MAC Address Access Control Lists

In mana I took things further, and created an ACL that will allow/deny MAC addresses from being sent any management frames at all i.e. no probe responses. This can allow you to effectively hide mana’s activities from some device IDs.

This is enabled with the following config option, and requires the normal MAC ACL functionality to have been configured:

mana_macacl=1

In addition, I extended the hostapd.accept and deny files, to allow for bitmasks against the MAC address. An idea I originally saw in airodump-ng. Here’s an example of such an entry:

00:11:22:33:44:55   ff:ff:ff:00:00:00
The first MAC address is the base, and the second is the mask. Each character of the base will be bitwise AND’ed against the mask. So, in our example, we’re effectively saying we should match any MAC address starting with 00:11:22:. More complex options are available. For example, randomised MAC addresses can be identified because the second bit of the first group is set. So a line such as this would match these:
02:00:00:00:00:00   02:00:00:00:00:00
This can allow you to control whether random MACs should be mana’ed or not. I’d recommend this line be put in your hostapd.accept file, as most modern devices make use of randomised MACs for initial probing.