WLAN configured for WPA3 SAE with backward compatibility
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-1024x436.png)
Confirmation via airodump-ng
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-1.png)
Confirmation via Wireshark
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-3-1024x584.png)
The client connected after going through the normal four-way handshake process
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-4-1024x70.png)
Client connected
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-5-1024x347.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-6-1024x235.png)
Create a rouge access point that will broadcast an RSN IE of WPA2. The PSK is incorrect.
Verify the wireless interfaces
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-8.png)
Contents of the script
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-7.png)
Start airodump-ng before running the fake AP.
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-9.png)
Start fake AP
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/XXXXX.png)
Clients are already trying to auth against the fake AP
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-13-1024x409.png)
The fake AP does not know the correct PSK, but the client and AP will exchange a few frames. The four-way hand-shake was captured.
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-14.png)
Verify frame exchange and beacon frames. We can see that the auth key management now displays PSK with AES.
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-15-1024x733.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-16-1024x368.png)
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/4.png)
- The transaction between the AP and client CAN NOT move past key 2 as the AP does not have the correct PSK defined.
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-17-1024x494.png)
Attempt to retrieve the PSK via a dictionary attack.
![](https://www.netprojnetworks.com/wp-content/uploads/2022/08/image-18.png)