Capturing Wireless Handshake
This section covers how a wireless handshake can be captured via the deauth method
Like every other penetration test, this starts with recon too! The first step to the attack would be to identify our "target". In this case, I will be attacking my own network.
Access the Recon Tab
Setup Scan Settings and Run Scan
Running Scan
Once the scan has run for a short while, multiple targets should start appearing (as seen below). These are all the networks within range of the Wifi 🍍.
Here's my network, the one I'll be attacking (shown below).
It's evident that one client is currently authenticated with the network. The MAC address of the client is shown right below the router's MAC.
Now that we have our target and have verified that clients are connected to it, we can run a deauth attack against the network and listen for the handshake as those clients rejoin. Deauthenticating clients forces them to reconnect, and while that reconnection is happening we can sniff and capture the handshake, which we can then use for cracking :)
Hit the dropdown on the Security tab
Hit Start Capture
Hit Deauth
Successful Capture of handshake
At this point, we have obtained a capture of the handshake which can then be used to crack the Pre-Shared Key (PSK) of the network with a trusty wordlist.
This is what the client would witness when the attack is underway. Most of the time we wouldn't even notice this happening when we are out and about, going through our regular day.
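The client may not notice anything, but on the air the attack leaves a distinctive trace: a burst of deauthentication frames for one BSSID, followed within seconds by a fresh EAPOL (4-way handshake) exchange. The detector below is an added example, not part of the original post; it runs over a constructed list of frame summaries (the field names, MAC addresses and thresholds are my own assumptions) the way a wireless IDS or a script over airodump/tshark output would.

```python
from collections import defaultdict
from dataclasses import dataclass

DEAUTH_BURST = 5        # deauth frames from one BSSID within WINDOW seconds
WINDOW = 10.0           # seconds the burst may span
HANDSHAKE_GRACE = 30.0  # EAPOL this soon after a burst = forced reconnect

@dataclass
class Frame:             # constructed summary of a captured 802.11 frame
    ts: float            # capture time in seconds
    kind: str            # "deauth", "eapol" (4-way handshake message) or "data"
    bssid: str           # access point MAC

def detect_deauth_handshake(frames):
    """Return (bssid, burst_start, n_deauth, eapol_followed) per burst."""
    by_bssid = defaultdict(list)
    for f in sorted(frames, key=lambda f: f.ts):
        by_bssid[f.bssid].append(f)
    alerts = []
    for bssid, fs in by_bssid.items():
        deauths = [f for f in fs if f.kind == "deauth"]
        eapols = [f for f in fs if f.kind == "eapol"]
        i = 0
        while i < len(deauths):
            # extend the window as far as deauth frames stay within WINDOW
            j = i
            while j + 1 < len(deauths) and deauths[j + 1].ts - deauths[i].ts <= WINDOW:
                j += 1
            n = j - i + 1
            if n >= DEAUTH_BURST:
                end = deauths[j].ts
                followed = any(end <= e.ts <= end + HANDSHAKE_GRACE for e in eapols)
                alerts.append((bssid, deauths[i].ts, n, followed))
                i = j + 1
            else:
                i += 1
    return alerts

# Constructed sample: a deauth burst, then the client re-authenticating (EAPOL).
AP = "02:00:00:aa:bb:cc"  # placeholder access point MAC
SAMPLE = (
    [Frame(k * 0.2, "deauth", AP) for k in range(8)]
    + [Frame(4.0 + k * 0.5, "eapol", AP) for k in range(4)]
    + [Frame(120.0, "deauth", AP)]  # a single deauth is normal roaming
)

if __name__ == "__main__":
    for bssid, start, n, followed in detect_deauth_handshake(SAMPLE):
        print(f"{bssid}: {n} deauth frames from t={start:.1f}s, handshake followed: {followed}")
```

On the mitigation side, enabling Protected Management Frames (802.11w) on the access point makes forged deauthentication frames ineffective, so the burst never disconnects the client.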