Using Wifi Pineapple to get Wpa2 Passwords

[Jack!]

Alright, so I'm kind of a noob to this so bare with me.

I recently bought a wifi pineapple and noticed that, when you host a fakeAP with the same SSID as a nearby access point, your access point sometimes overrides it. Now I was thinking that if you hosted a fake access point with wpa2 encryption and the same SSID as an access point in the area then clients attempting to connect to the legitimate access point would actually try their password on your fake one. This would obviously not let them into the wifi, but if you could somehow view a log of tried passwords on your access point, then you might find their password, leaving them just thinking that they put their password in wrong.

Not sure if this is the right place to raise this topic, but I was hoping someone could disprove this idea or help me figure out how to make it happen, Thanks

[Rkiver]

https://forums.hak5.org/index.php?/forum/78-mark-v/ is likely the best place to spot it.

As for yet, due to the nature of WPA2 it's not that easy (at least by my understanding).

Anyone else care to chime in and correct me if I am mistaken?

[cooper]

There's a 4-way handshake when a client connects whereby both the client and the server send each other a hash of the password. The goal is to make both of them not transmit the password in the clear, yet prove to each other that they know what the correct password is.

In short: That specific scenario has been taken into account when they designed WPA2 and thus it won't work.

[digininja]

I refer you to this post:

https://forums.hak5.org/index.php?/topic/28610-read-me-collection-of-important-posts/?p=217084