WIFI PENTESTING : HACK WPA/WPA2-PSK WPS ENABLED WIFI USING PIXIEWPS

This tutorial explains a major security flaw in WPS-enabled routers: if a router is vulnerable, its password protection can be bypassed within seconds, as explained in the tutorial. Dominique Bongard found that some APs generate the nonces E-S1 and E-S2, which are supposed to be secret, in a flawed way. If we can find out what these nonces are, we can easily recover the WPS PIN, which ultimately leads to the recovery of the passphrase. This task can be easily accomplished using pixiewps. So check the list of routers vulnerable to this attack that is available on Google, and stop using WPS if your router is listed there.
The reason this works is that the AP must prove it also knows the PIN, and that the client is not connecting to a rogue AP, so it gives the PIN to the client inside a hash. If we can figure out the nonces E-S1 and E-S2 that go into that hash, we can easily find the WPS PIN of the AP. These E-S1 and E-S2 are essentially the "keys to unlock the lock box" containing the WPS PIN. You can think of the whole thing as an algebra problem: if we know all but one variable in an equation, we just have to solve for x. X in this case is the WPS PIN (this is not a perfect example, but for beginners it should help).
Video tutorial:

