Hello r4p3 members. This tutorial is going to show you how to hack WiFi (Wireless Fidelity) access points. This tutorial specifically covers capturing the encrypted four-way handshake. You only need to get ¾ packets that are sent. My next tutorial will cover cracking the handshake. The Method: The best way to capture WiFi handshakes on WPA2 is by making the user(s) disconnect and reconnect. When they reconnect you capture their handshakes, as mentioned before you only need ¾ packets that are part of the handshake, to be more specific the first two and then either the third or fourth. You can also wait for a user to reconnect if the network is very active instead of removing someone from the network, this might cause less suspicion, but your chances of success are way lower. Software Required: Linux: aircrack-ng suite – Should be in your repos. Windows: aircrack-ng suite - http://www.aircrack-ng.org/downloads.html Hardware Required: A compatible WiFi card. Step one: Identify your target This means you get the BSSID of the WiFi network you own. Make sure to have exact spelling. Step Two: Configure Your Hardware On linux: You need to set your WiFi device (usually wlan0, use “airmon” to check) to monitor mode. You can use the following command to do this. Code: airmon-ng start wlan0 On windows: This is very hard. There are a very limited amount of WiFi cards that can work. Do not be surprised if it doesn’t work. If it does you are very lucky (or have done your research and bought the correct hardware). Note: For all commands: run the same command as Linux, just with the correct application name (aircrack-ng.exe <command>) for all commands. Code: airmon-ng start wlan0 Step Three: Further Identification of Target Next you need to get the WiFi BSSID Mac Address. You can run the following command to identify the Mac address. Code: airodump-ng wlan0 Step Four: Deauthing the User(s) and Capturing the Handshake This is where the magic happens. You are now going to “kick” the user off their network and then capture the handshake when they automatically reconnect. You can use the following command to do this: Code: aireplay-ng --deauth 100 -a AA:BB:CC:DD:EE:11 mon0 Step Five: Repeat Step Four Until Key is Captured As mentioned in step. You can confirm you have captured the key by looking for “WPA Handshake” in the info section.