Capturing WPA handshake question

new2bt3 · 01-12-2009, 01:45 AM

when using the airodump/aireplay method of capturing the WPA handshake I keep getting the target bssid shows as the captured handshake in the upper right corner of airodump. It does not show up right away, after a minute or two, but with many WPA routers I have tested this on when it grabs the handshake it is always the bssid of the target AP. Im not getting why this is happening??

Using an Atheros card, and using the latest aircrack suite.

I read many threads and could not find this issue, so forgive me if I over say it somewhere.

**secure_it** · 01-12-2009, 02:25 AM

Run the wireshark and use this filter
eapol.keydes.type==2
and let client authenticate with AP or deauth the client,when he tries to re-authenticate you will get 4 way handshake.one more method is run airodump in one window and use aireplay-ng to deauth the station.when station will try to reauth.you will be able to capture 4 way handshake completely in airodump window in top-right corner.if stil problem persist,tell what all commands you are using.

new2bt3 · 01-12-2009, 08:31 PM

Run the wireshark and use this filter
eapol.keydes.type==2
and let client authenticate with AP or deauth the client,when he tries to re-authenticate you will get 4 way handshake.

This did not work for me.

Disregard this thread, displaying the target AP is confirming the captured handshake. I was not sure if thats what is was to show or not.

new2bt3 · 01-12-2009, 08:49 PM

Deleted for being a stupid question

**tigerduck** · 01-25-2009, 02:02 PM

hm it doesnt work 4 me 2
i'm still a rookie using backtrack.
i tried to caputre an handshake.. but i don't get it.
i using BT2 with a dlink dwl g520 (TI chip) runs with ASX111
i see the ap mac and the client one.

can someone help me plz.
thanks a lot

**killadaninja** · 01-25-2009, 02:17 PM

Use spoonwep to automate the handhske capture

**imported_=Tron=** · 01-25-2009, 02:40 PM

Originally Posted by killadaninja

Use spoonwep to automate the handhske capture

SpoonWPA.

**killadaninja** · 01-25-2009, 02:49 PM

I actually did mean spoonwep Tron, it has a deauth feature on it and stores the handshke in its dump file. I have not yet even used spoonwpa. :-o EDIT Sorry Shamen

**secure_it** · 01-25-2009, 04:13 PM

Originally Posted by killadaninja

I actually did mean spoonwep Tron, it has a deauth feature on it and stores the handshke in its dump file. I have not yet even used spoonwpa. :-o EDIT Sorry Shamen

spoonwep is able to deauth clients and get 4 way handshake??

then what for spoonwpa is?

**imported_=Tron=** · 01-25-2009, 04:36 PM

Originally Posted by secure_it

spoonwep is able to deauth clients and get 4 way handshake??

then what for spoonwpa is?

Well both are using the aircrack-ng suite to do all the work so it is only natural that SpoonWEP will capture the handshake and report this just as SpoonWPA. However, SpoonWEP naturally will not support the dictionary attacks etc. which is why I thought killadaninja was thinking of SpoonWPA in his earlier post.

BackTrack Linux - Penetration Testing Distribution

Thread: Capturing WPA handshake question

Thread Tools

Search Thread

Display

Capturing WPA handshake question

Posting Permissions