From charlesreid1

The Basics

Cracking a WPA passphrase with aircrack-ng is pretty simple, as long as the passphrase is in the wordlist you feed it:

$ aircrack-ng -w my_wordlist.txt my_capfile.cap

The Tricks

The tricks are all related to how you pick your wordlist.

Generating Raw Wordlists

You can create a raw wordlist using Cewl. You feed it a URL, it crawls the site, and it builds a wordlist from the words it finds. Be patient, and choose your maximum crawl depth wisely: each extra level can multiply the number of pages fetched.

More information on basic usage of Cewl: Cewl

More on processing the output of Cewl to make wordlists more useful: Cewl/Wordlists

Obtaining Password Lists

It's always worthwhile to check the easy passwords first, like '12345678' and 'password', since a hit there can save you a lot of time. Lists of common passwords are available on the web, but one good one I like is SecLists on GitHub: https://github.com/danielmiessler/SecLists

Generating Passwords

John the Ripper is an excellent password cracker, but it is also good at generating candidate passwords from wordlists. Its canned command line options range from trying no variations, through a few common ones, to going hogwild, but you can also be more precise and give it rules describing exactly which variations to try.

The wordlists generated by Cewl are useful to feed to John the Ripper to come up with longer lists of passwords to try.

Notes on generating passwords from wordlists with John the Ripper: John the Ripper/Password Generation
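Looking at the same approach from the defender's side: the check below reports whether a passphrase you are about to choose would fall to the easy-password list or to the simple John-style variations described above. This is an added example, not code from the original page; SAMPLE_WORDLIST is a constructed stand-in for a SecLists file or Cewl output.

```python
import string

# Constructed sample wordlist: a couple of "easy" passwords plus the kind of
# words Cewl would pull from a company's home page. Not a real list.
SAMPLE_WORDLIST = """\
12345678
password
Welcome
sunshine
Acme
AcmeCorp
"""


def audit_passphrase(passphrase, wordlist_text):
    """Return why a passphrase would be found by a wordlist attack, or None.

    The checks escalate the way the attack on this page does:
      1. exact match (a plain aircrack-ng run over the list),
      2. match ignoring case (the most trivial John rule),
      3. a list word with digits appended or prepended (common John rules).
    Words shorter than 8 characters are still kept in the list because John
    can pad them out to a valid passphrase length with digits.
    """
    # WPA/WPA2 passphrases are 8 to 63 characters; anything else can never
    # be the key, so there is nothing to audit.
    if not 8 <= len(passphrase) <= 63:
        return "not a valid WPA passphrase length (8-63 characters)"
    words = {line.strip() for line in wordlist_text.splitlines() if line.strip()}
    lowered = {w.lower() for w in words}
    if passphrase in words:
        return "exact match in wordlist"
    if passphrase.lower() in lowered:
        return "matches wordlist entry ignoring case"
    stem = passphrase.rstrip(string.digits)
    if stem != passphrase and stem.lower() in lowered:
        return "wordlist entry plus trailing digits"
    stem = passphrase.lstrip(string.digits)
    if stem != passphrase and stem.lower() in lowered:
        return "wordlist entry with leading digits"
    return None


if __name__ == "__main__":
    for candidate in ("password", "Welcome2024", "correct horse battery staple"):
        print(candidate, "->", audit_passphrase(candidate, SAMPLE_WORDLIST))
```

A None result only means the passphrase survives these specific checks, not that it is strong; a longer, less predictable phrase is still the real fix.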