Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.

Posted a new version of coWPAtty (4.5) with the following changes:

- Hashfile can be read from STDIN (thanks Thomas d'Otreppe);
- More liberal collection of handshake information to make coWPAtty work with AP's that do not implement the 4-way handshake exactly to the specification. This is not the default, but can be turned on with "-2" (thanks to Nathan Grennan);
- Can process a dictionary or hashfile attack when only the 1st and 2nd frames of the 4-way handshake are present, making it easier to attack an exchange even when the full 4-way handshake was not observed (e.g. you were channel hopping, and only caught part of the exchange). This could be an issue if the person you are attacking did not have the correct PSK on their system, but I think that is unlikely. This feature is enabled (along with Nathan's nonstrict patches) with "-2", try using this if coWPAtty displays the "incomplete four-way handshake exchange" message;
- Added support for validating that the needed handshake information is present (either with all four frames of the handshake, or frames 1 and 2 with the "-2" option). Thanks to Pure Hate for his support on this;
- Fixed NULL dereference bug when processing radiotap captures (thanks to Michal Knobel).

My apologies for not maintaining coWPAtty with more regularity, though I sincerely appreciate the bug reports and suggestions from everyone. You can get the source for coWPAtty 4.5 below.