Capturing Wireless Handshake

This section covers how a wireless handshake can be captured via the deauth method.

Like every other penetration test, this starts with recon too! The first step to the attack would be to identify our "target". In this case, I will be attacking my own network.

Recon

Scanning

  • Access the Recon Tab

  • Set Up Scan Settings and Run Scan

  • Running Scan

Targeting

Once the scan has been left to run for a short period of time, multiple targets should start popping up (as seen below). All of these networks are within range of the WiFi 🍍.

Target Network

Here's my network which I'm gonna be attacking! (shown below)

It's evident that one client is currently authenticated to the network. The MAC address of the client is shown right below the router's MAC.

Attacking

Now that we have our target and have verified that there are clients connected to it, we can conduct a deauth attack on the network and listen for handshakes destined for the network. Deauthenticating clients from a network will force them to reconnect to it. While the reconnection is happening, we would be able to sniff and capture the handshake, which we can then use to crack :)

Launching Attack

  • Hit the dropdown on the security tab

  • Hit Start Capture

  • Hit Deauth

  • Successful Capture of handshake

At this point, we have obtained a capture of the handshake which can then be used to crack the Pre-Shared Key (PSK) of the network with a trusty wordlist.
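From the defender's side, the deauth burst described above is easy to spot: a flood of deauthentication frames, usually addressed to the broadcast MAC and spoofed from the AP's own address, all landing within a second or two. The following detector is an added example, not part of the original page or the Pineapple's software; it assumes tab-separated records in the shape of a `tshark -T fields` export (epoch time, `wlan.fc.type_subtype`, source, destination, BSSID, reason code) and uses a constructed sample capture.

```python
"""Flag deauthentication floods in a monitor-mode capture export.

Input lines are tab-separated records (assumed tshark -T fields layout):
epoch_time, type_subtype, source, destination, bssid, reason_code.
Subtype 0x000c is Deauthentication, 0x0008 is Beacon. Sample values below
are constructed for this example.
"""
from collections import defaultdict, deque

DEAUTH_SUBTYPE = "0x000c"
BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample: a beacon, one legitimate unicast deauth from a client
# leaving the network, then 15 broadcast deauths "from" the AP in ~1.1 s,
# and a second AP with two widely spaced deauths (normal churn).
SAMPLE_LOG = "\n".join(
    ["1700000000.00\t0x0008\taa:bb:cc:dd:ee:01\tff:ff:ff:ff:ff:ff\taa:bb:cc:dd:ee:01\t",
     "1700000000.50\t0x000c\t11:22:33:44:55:66\taa:bb:cc:dd:ee:01\taa:bb:cc:dd:ee:01\t3"]
    + [f"{1700000010 + i * 0.08:.2f}\t0x000c\taa:bb:cc:dd:ee:01\t{BROADCAST}\taa:bb:cc:dd:ee:01\t7"
       for i in range(15)]
    + ["1700000020.00\t0x000c\taa:bb:cc:dd:ee:02\t22:33:44:55:66:77\taa:bb:cc:dd:ee:02\t3",
       "1700000030.00\t0x000c\taa:bb:cc:dd:ee:02\t33:44:55:66:77:88\taa:bb:cc:dd:ee:02\t3"]
)


def parse_records(text):
    """Yield (time, subtype, src, dst, bssid, reason), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 6:
            continue
        try:
            yield (float(parts[0]),) + tuple(parts[1:])
        except ValueError:
            continue


def detect_deauth_floods(text, window=2.0, threshold=10):
    """Return {bssid: (peak_in_window, broadcast_total)} for every BSSID that
    saw at least `threshold` deauth frames inside some `window`-second span."""
    recent = defaultdict(deque)   # per-BSSID sliding window of deauth timestamps
    peak = defaultdict(int)       # highest count seen in any window
    broadcast = defaultdict(int)  # deauths aimed at every client at once
    for ts, subtype, src, dst, bssid, reason in parse_records(text):
        if subtype != DEAUTH_SUBTYPE:
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[bssid] = max(peak[bssid], len(q))
        if dst == BROADCAST:
            broadcast[bssid] += 1
    return {b: (n, broadcast[b]) for b, n in peak.items() if n >= threshold}
```

The broadcast count is the second indicator worth alerting on: a real AP rarely deauthenticates all of its clients at once, whereas a flood almost always does.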

Live Attack (On client)

This is what the client would witness when the attack is underway. Most of the time we wouldn't even notice this happening when we are out and about, going through our regular day.

Mobile

Desktop
