Jack! Posted August 30, 2015 Share Posted August 30, 2015 Alright, so I'm kind of a noob to this so bare with me. I recently bought a wifi pineapple and noticed that, when you host a fakeAP with the same SSID as a nearby access point, your access point sometimes overrides it. Now I was thinking that if you hosted a fake access point with wpa2 encryption and the same SSID as an access point in the area then clients attempting to connect to the legitimate access point would actually try their password on your fake one. This would obviously not let them into the wifi, but if you could somehow view a log of tried passwords on your access point, then you might find their password, leaving them just thinking that they put their password in wrong. Not sure if this is the right place to raise this topic, but I was hoping someone could disprove this idea or help me figure out how to make it happen, Thanks Quote Link to comment Share on other sites More sharing options...
Rkiver Posted August 31, 2015 Share Posted August 31, 2015 https://forums.hak5.org/index.php?/forum/78-mark-v/ is likely the best place to spot it. As for yet, due to the nature of WPA2 it's not that easy (at least by my understanding). Anyone else care to chime in and correct me if I am mistaken? Quote Link to comment Share on other sites More sharing options...
cooper Posted August 31, 2015 Share Posted August 31, 2015 There's a 4-way handshake when a client connects whereby both the client and the server send each other a hash of the password. The goal is to make both of them not transmit the password in the clear, yet prove to each other that they know what the correct password is. In short: That specific scenario has been taken into account when they designed WPA2 and thus it won't work. Quote Link to comment Share on other sites More sharing options...
digininja Posted August 31, 2015 Share Posted August 31, 2015 I refer you to this post: https://forums.hak5.org/index.php?/topic/28610-read-me-collection-of-important-posts/?p=217084 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.