Hey guys!

This is a technique I've been using recently. It's a little more complex than usual; however, if you play your cards right, you have pretty good chances.

This technique doesn't involve capturing handshakes at all. Check out the steps:

1. Identify target & do recon;
2. Clone the target network;
3. Redirect traffic on cloned AP to a service page (asking for the WPA-2 Key) -- this page has to be on point, convincing;
4. Deauthenticate the hosts on the original network, and wait until they connect to our cloned network.

Check out the video: http://vimeo.com/34309678

* Video made under controlled circumstances for educational purposes. ;]
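
From the defending side, steps 2 and 4 both leave traces a wireless monitor can see: a beacon that reuses your SSID from a BSSID or security mode you do not operate, and a burst of deauthentication frames. The sketch below is an added example, not part of the original post; the AP inventory, the observation records and the thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed inventory of the APs we operate: SSID -> {BSSID: security mode}
TRUSTED = {"CorpWiFi": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"}}

# Constructed beacon observations from a monitoring sensor (not real capture data)
BEACONS = [
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:01", "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "aa:bb:cc:00:00:02", "security": "WPA2"},
    {"ssid": "CorpWiFi", "bssid": "de:ad:be:ef:00:99", "security": "OPEN"},
    {"ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66", "security": "OPEN"},
]
# Constructed deauth records: (timestamp in seconds, BSSID the frame claims to come from)
DEAUTHS = [(100 + i * 0.1, "aa:bb:cc:00:00:01") for i in range(40)]
DEAUTHS.append((500.0, "aa:bb:cc:00:00:02"))


def find_rogue_aps(beacons, trusted):
    """Flag beacons that reuse one of our SSIDs from an unknown BSSID or with a different security mode."""
    alerts = []
    for b in beacons:
        known = trusted.get(b["ssid"])
        if known is None:
            continue  # not one of our SSIDs, out of scope
        expected = known.get(b["bssid"])
        if expected is None:
            alerts.append((b["bssid"], "unknown BSSID advertising our SSID"))
        elif b["security"] != expected:
            # Catches a clone that also copies a real BSSID but serves an open portal
            alerts.append((b["bssid"], "security mismatch: %s, expected %s" % (b["security"], expected)))
    return alerts


def deauth_bursts(frames, window=10, threshold=20):
    """Return BSSIDs with more than `threshold` deauth frames in any `window`-second bucket."""
    buckets = Counter((bssid, int(ts // window)) for ts, bssid in frames)
    return sorted({bssid for (bssid, _), n in buckets.items() if n > threshold})


if __name__ == "__main__":
    for bssid, reason in find_rogue_aps(BEACONS, TRUSTED):
        print("ROGUE AP", bssid, "-", reason)
    for bssid in deauth_bursts(DEAUTHS):
        print("DEAUTH BURST against clients of", bssid)
```

Enabling Protected Management Frames (802.11w) on the real network makes clients ignore the forged deauthentication frames that step 4 relies on.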