I have captured wifi traffic from a WPA network using Wireshark. I filtered the results for "eapol" packets and noted in the info column there are message type 3 and type 1. I believe this is two parts of the WPA four-way handshake.

Within these packets I see things like 802.1X Authentication, where will I find the hash of the WPA password/key?

PS: I know there are many cipher methods used in WPA, like TKIP or CCMP, and I read about WPA authentication, but I was unable to determine where within the message the password can be found.

Eric G
user2729246

1 Answer

The hash is not passed directly in the string of bits. It will not just be there to grab in one packet. In order to attack WPA/WPA2 you must capture the entire four-way handshake. The key itself is not really sent as part of the message; since both sides know the key, they just need to prove to each other that they know it, not send a hash for verification. Once you have all parts of the four-way handshake captured, you then just brute force passwords until you get one that fits.

References:

Edit: Please see details in this question and answer. The answer is about the same, but your question is slightly different so it may not be merged as a duplicate.

Eric G