Alright, so I'm kind of a noob to this so bare with me.
I recently bought a wifi pineapple and noticed that, when you host a fakeAP with the same SSID as a nearby access point, your access point sometimes overrides it. Now I was thinking that if you hosted a fake access point with wpa2 encryption and the same SSID as an access point in the area then clients attempting to connect to the legitimate access point would actually try their password on your fake one. This would obviously not let them into the wifi, but if you could somehow view a log of tried passwords on your access point, then you might find their password, leaving them just thinking that they put their password in wrong.
Not sure if this is the right place to raise this topic, but I was hoping someone could disprove this idea or help me figure out how to make it happen, Thanks
