John is able to crack WPA-PSK and WPA2-PSK passwords. Recent changes have improved performance when the input file contains multiple hashes that share the same SSID (the router's 'name' string).
The input format is a printable hash, which can either be directly created with john's tool “wpapcap2john” (ships with jumbo) from a packet capture in pcap format as produced by tcpdump, wireshark or airodump-ng; or by doing an intermediate conversion to Hashcat's hccap format as described below.
You can convert airodump's .cap file to .hccap in one of the following ways:
Once you have an hccap file, you need to convert it to john's input format using the “hccap2john” program shipped with recent jumbo versions. It encodes the hccap file as “$WPAPSK$essid#b64encoded hccap”.
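The following added example (not part of the original page or of john's code) parses bare “$WPAPSK$essid#blob” strings and shows why hashes sharing an SSID are cheaper to test: in WPA/WPA2-PSK the key is derived with PBKDF2-HMAC-SHA1 salted only by the SSID, so one derivation per candidate serves every hash in the group. The function names, sample ESSIDs and placeholder blobs are constructed, and splitting on the last '#' is an assumption about the encoding.

```python
import hashlib
from collections import defaultdict

TAG = "$WPAPSK$"

def parse_wpapsk(line):
    """Split a bare '$WPAPSK$essid#blob' string into (essid, blob)."""
    line = line.strip()
    if not line.startswith(TAG):
        raise ValueError("not a $WPAPSK$ hash")
    # Assumption: the encoded blob never contains '#', so the last '#'
    # separates the ESSID (which may itself contain '#') from the blob.
    essid, sep, blob = line[len(TAG):].rpartition("#")
    if not sep or not essid or not blob:
        raise ValueError("missing essid or blob")
    return essid, blob

def group_by_essid(lines):
    """Map each ESSID to the list of blobs captured for it."""
    groups = defaultdict(list)
    for line in lines:
        essid, blob = parse_wpapsk(line)
        groups[essid].append(blob)
    return dict(groups)

def pmk(passphrase, essid):
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)

def pmk_work(lines, candidates):
    """Return (PBKDF2 runs if done per hash, runs if shared per ESSID)."""
    groups = group_by_essid(lines)
    n_hashes = sum(len(blobs) for blobs in groups.values())
    return n_hashes * len(candidates), len(groups) * len(candidates)

# Constructed sample input: the blobs are placeholders, not real handshakes.
SAMPLE = [
    "$WPAPSK$HomeNet#PLACEHOLDER_BLOB_1",
    "$WPAPSK$HomeNet#PLACEHOLDER_BLOB_2",
    "$WPAPSK$HomeNet#PLACEHOLDER_BLOB_3",
    "$WPAPSK$Office#1#PLACEHOLDER_BLOB_4",
]

if __name__ == "__main__":
    per_hash, per_essid = pmk_work(SAMPLE, ["candidate-one", "candidate-two"])
    print("PBKDF2 runs per hash:", per_hash, "shared per ESSID:", per_essid)
```

Because the SSID is the only salt, two networks with the same name and the same passphrase derive the same key, which is why a unique SSID and a long passphrase both matter.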
An example test case is available from http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&target=wpa-Induction.pcap or wpa-Induction.tar.gz
From that point you can use john as you always do. The format comes in two flavours:
Example usage:
If “Induction” is in your password.lst file (by default it is not), john will crack it.
If you are interested in how it works, visit this page