Sniff what SSIDs nearby phones are searching for, then spin up a matching honeypot with your custom captive portal.

1. Start sniffer:

start_sniffer

2. Stop after enough packets:

stop

3. List probe requests:

list_probes

4. Choose HTML portal on SD:

list_sd
select_html <INDEX>

5. Deploy karma attack using chosen probe SSID:

start_karma <PROBE_INDEX>

Use their searching habits against them.
Beware: Only for penetration testing in legal, ethical contexts!