OTOMATISASI KARMA ATTACK
DOI:
https://doi.org/10.56706/ik.v15i1.8Keywords:
KARMA Attack, Spoofing, System Development Life Cycle, Uji Keamanan, Wireless FidelityAbstract
Wireless Fidelity (WiFi) merupakan salah satu bentuk telekomunikasi tanpa kabel yang memiliki perkembangan cukup pesat. WiFi dapat dijumpai di tempat-tempat umum seperti rumah makan, warung kopi, pusat perbelanjaan, dan tempat umum lainnya. Namun, kenyamanan WiFi juga disertai dengan kerawanan yang dimiliki. Komunikasi antara klien dan access point rentan terhadap man in the middle attack seperti sniffing atau spoofing. Salah satu serangan yang menggunakan teknik spoofing adalah KARMA attack. Dengan adanya kerawanan tersebut, maka perlu dilakukan pengujian menggunakan alat uji manual atau otomatis agar dapat menjadi rekomendasi untuk pengamanan WiFi. Penggunaan alat uji otomatis dinilai memberikan efektifitas terhadap proses uji tersebut. Pada penelitian ini dibuat purwarupa aplikasi otomatisasi KARMA attack dengan metode System Development Life Cycle (SDLC) menggunakan pendekatan waterfall. Pengujian dan analisis dilakukan untuk mengetahui kemampuan purwarupa otomatisasi KARMA attack pada kondisi tertentu. Hasil pengujian dan analisis menunjukkan bahwa purwarupa otomatisasi KARMA attack berjalan dengan baik
References
P. C. Z. Qiang, “Proof of Concept: Network Vulnerability through Wi-Fi Spoofing,” Universiti Tunku Abdul Rahman, Perak, 2017.
W. S. Bhaya and S. A. AlAsady, "Prevention of Spoofing Attacks in the Infrastructure Wireless Networks," Journal of Computer Science, pp. 1769-1779, 2012.
A. Redondi dan M. Cesana, “Building up knowledge through passive WiFi probes,” Computer Communication, pp. 1-12, 2018.
M. Conti, N. Dragoni and V. Leysk, "A Survey of Man in The Middle Attacks," IEEE, 2016.
D. A. D. Zovi, "KARMA Attacks Radioed Machines Automatically," Online. (http://theta44.org/karma), 2006.
E. Ramadhani, "EKSPLORASI ISU KEAMANAN JARINGAN WIRELESS STUDI KASUS UNIVERSITAS GADJAH MADA," Media Informatika, Yogyakarta, 2014.
J. Creasey, "A guide for running effective Penetration Testing programme," CREST, 2017.
Kemendikbud, "Kamus Besar Bahasa Indonesia," Online (https://kemendikbud.go.id).
R. Breton and E. Bosse, "The Cognitive Cost and Benefit of Automation," Warsaw, 2002.
A. Holt and C.-Y. Huang, 802.11 Wireless Network: Security and Analysis, London: Springer, 2010.
R. B. Abdelrahman, A. B. Mustafa and A. A. Oman, "A Comparison between IEEE 802.11a, b, g, n, and ac Standards," IOSR Journal of Computer Engineering, pp. 26-29, 2015.
Cisco, "802.11 Association process explained," Cisco Meraki.
A. E. Earle, Wireless Security Handbook, Auerbach Publication, 2006.
Bachan, "KARMA: A MITM Attack," www.cybrary.it, 2016.
J. Cache, J. Wright and V. Liu, Hacking Exposed Wireless: Wireless Security Secret & Solutions, McGrawHill Publisher, 2010.
S. Kelley, "Man Page of DNSMASQ," www.thekelleys.org.uk, 2020.
Sensepost, "Hostapd-Mana Overview," https://github.com/sensepost/hostapd-mana/wiki, 2019.
T. Hill, "IP TABLES: A Beginner's Tutorial," 2013.
"Tshark Manual Page," https://www.wireshark.org/docs/man-pages/tshark.html.
R. Regan dan M. L. Manickam, “A Survey on Impersonation Attack in Wireless Networks,” International Journal of Security and Its Applications, pp. 39-48, 2017.
R. Ibrahim, “Implementasi Skema Autentikasi Pengguna pada Jaringan Nirkabel dengan Membandingkan BSSID/MAC Address untuk Mencegah Serangan Autentikasi Palsu,” Sekolah Tinggi Sandi Negara, Bogor, 2018.
S. A. Mokhov, M. J. Assels dan J. Paquet, “Automating MAC Spoofer Evidence Gathering and Encoding for Investigations,” Computer Science, pp. 168-183, 2015.
Z. A. Hasibuan, Metodologi Penelitian Pada Bidang Ilmu Komputer Dan Teknologi Informasi, Depok: Fasilkom Universitas Indonesia, 2007.
A. Dennis, System Analysis and Design, America: John Wiley & Sons, Inc, 2012.
hash3liZer, "Fake AP: How To Create An Evil Twin Karma Access Point," (Online) https://www.shellvoide.com/wifi/fake-ap-how-to-create-an-evil-twin-karma-access-point/, 2019.
xtr4nge, "FruityWifi: Wireless Network Auditing Tool," (online) http://fruitywifi.com/index_eng.html, 2014.
P. Gianchandani, "Karmetasploit, Pwning the Air!," Info Sec Institute, 2011.
hak.org, "WiFi Pineapple Quick Start Guide," (online) https://docs.hak5.org/hc/en-us/articles/360010555313-Setup-Basics, 2012.