We can find many tools with which to manage wireless networks, analyze their security and see if they could somehow access our data. We already know that Wi-Fi is increasingly used and this means that we have more devices compatible with this technology. In this article we want to talk about an interesting program called HalfHandshaker . It is a script that allows obtaining handshakes from a client without having to reach that network.
HalfHandshaker can get handshakes without reaching the network
This script, which is still in beta version, has been created to be able to obtain handshakes without having to have physical access to a network. Also, no monitor mode is needed. A mobile device is required to have connected to the network in question and what we do is create a network with that name. The device will try to connect, since it remembers the network, and will automatically send the password it has stored. We can audit that password with different programs.
Let’s take as an example that a person who has connected in a network that is out of our reach. Your workplace, a store, shopping center … Anywhere. That person, for example a neighbor, is within our reach and what we do is create a network with the name from which that user previously connected. What your mobile will do is connect automatically. For this to be possible, it is necessary to know what the name of that network is .
In this way we will achieve the encrypted password . This password is sent to us by the mobile since it interprets that it is trying to connect to the network that it has previously memorized. Later, once we have that encrypted key, we can audit it using a program.
Therefore, we can basically say that HalfHandshaker allows creating a fake access point, with the same name as the access point to which the victim has previously connected, and in this way, when trying to connect, obtain the encrypted key.
Open source script and in beta version
As we have indicated, HalfHandshaker is still in beta version . Its author has improved some aspects with respect to the first version that he released for testing. It has included some parameters and improvements. However, it is possible that when using it problems arise, as with any tool that is not in its stable version.
It is open source software and available to anyone. We can get it on GitHub , where we will also see a demonstration video by its author.
In short, HalfHandshaker is a simple script , a free program that allows us to obtain handshakes without having to have physical access to the network. We can get the encrypted key that we could later audit with a program such as Hashcat or AirCrack, among other similar ones. One more way to learn about how wireless networks work and how someone could obtain the password, even if it is encrypted, and even without having direct access to that access point.
