Working on WiFi Authentication and Connection
Typically, a connection between a wireless router and a client device is established as follows:
- The client device scans for all available networks nearby and displays the Service Set Identifier (SSID) of each network it could connect to.
- The user then chooses a wireless network to connect to.
- The client device sends a connection request to the router, which is followed by a 4-way handshake.
- After the router acknowledges the request, a connection is established between the client and the wireless network.
Before moving forward, it is essential to understand the following terms:
Service Set Identifier (SSID)
A Service Set Identifier (SSID) is a distinct label assigned to a wireless router, used to distinguish and identify it among multiple nearby Wi-Fi networks.
Nonce
A nonce is a pseudo-random number generated by each device during the authentication process for communication and verification. It is used only once, so even if a nonce is captured in transit by conventional interception methods, it cannot be reused to establish the same connection again.
Group Temporal Key (GTK)
The Group Temporal Key (GTK) is used to encrypt the traffic exchanged between the wireless router and the client devices connected to it. All client devices connected to an access point hold the same GTK; the GTK is unique per access point, so different access points have different GTKs.
Pairwise Transient Key (PTK)
The Pairwise Transient Key (PTK) is a unique key generated by combining the nonces exchanged during the authentication process between the two devices; it is used to encrypt all data between the router and the client device.
Capture Handshake Address with Airodump-ng and Aireplay-ng
In this article, we use Airodump-ng and Aireplay-ng to capture the handshake passed between the router and the client.
Before starting the actual process, it is important to first understand how connection initialization works on a WiFi router and how clients are authenticated before they can connect to it.