> For the complete documentation index, see [llms.txt](https://repo.4pfsec.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://repo.4pfsec.com/wireless-penetration-testing/wifi-pineapple-tetra/capturing-wireless-handshake.md). # Capturing Wireless Handshake Like every other penetration test, this starts with recon too! The first step to the attack would be to identify our "target". In this case, I will be attacking my **own network**. ## Recon Like every other penetration test, this starts with recon too! The first step to the attack would be to identify our "target". In this case, I will be attacking my **own network**. ### Scanning * Access the Recon Tab ![](/files/-Mg_oRoMLqSrNTGuPxy0) * Setup Scan Settings and Run Scan ![](/files/-Mg_oUba7VWCVUjoPGwr) * Running Scan ![](/files/-Mg_oXfUiAUERf_Q-C7S) ## Targetting Once the scan is left to run for a short period of time, multiple targets should start popping up (As seen below). All these networks are the ones that are in the range of the Wifi 🍍. ![](/files/-Mg_q7a5Rg-7Y5y0I3cb) ### Target Network Here's my network which I'm gonna be attacking! (shown below) ![](/files/-Mg_qAJ_e7CoKSqMFT5J) It's evident that one client is currently authenticated with the network. The MAC address of the client is shown right below the router's MAC. ## Attacking Now that we have our target and have verified that there are clients connected to it, we can conduct a deauth attack on the network and listen for handshakes destined to the network. Deauthenticating clients from a network will force them to reconnect to it. While the reconnection is happening, we would be able to sniff and capture the handshake which we can then use to crack :) ### Launching Attack * Hit the dropdown on the `security` tab ![](/files/-Mg_qGMfvrLIYiay0CiU) * Hit `Start Capture` ![](/files/-Mg_qIttYVql9fCQneqj) * Hit `Deauth` ![](/files/-Mg_qLuQziSnZybTcS98) * Successful Capture of handshake ![](/files/-Mg_qOzR1QvocbmEnziA) At this point, we have obtained a capture of the handshake which can then be used to crack the Pre-Shared Key (PSK) of the network with a trusty wordlist. ### Live Attack (On client) This is what the client would witness when the attack is underway. Most of the time we wouldn't even notice this happening when we are out and about, going through our regular day. #### Mobile {% embed url="" %} #### Desktop {% embed url="" %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://repo.4pfsec.com/wireless-penetration-testing/wifi-pineapple-tetra/capturing-wireless-handshake.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.