• 25,450
  • +1,003
  • 2,796
How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

Bookmark

Type : Hacking Tutorial

Level : Medium

After several days with full of work and project now I want to continue write another tutorial about easy hacking tutorials ๐Ÿ™‚ .

Nowadays most website around the world more than 50% of them (in my opinion ๐Ÿ˜€ ) they didn't provide a secure access into a personal profile or some page that require authentication process where users input their username and password. As we know that data sent via port 80 (HTTP) was plain and without any encryption.

Today tutorial was talk about How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer. From this tutorial you also can learn how to secure yourself while you are outside your own computer network.

This tutorial can be an angel and also devil in the same time, it depends to you who use this tutorial for which purpose…me as a writer of this tutorial just hope that all of you can be an angel and know the bad things can happen from it, because I believe that no one from you want your password sniffed by someone out there so don't do that to others too ๐Ÿ™‚ .

Let's start our tutorial.

Requirements :

1. Wireshark Network Analyzer (wireshark.org)

2. Network Card (Wi-Fi Card, LAN Card, etc) fyi : for wi-fi it should support promiscious mode

Before we go to step by step section, here's the scenario :

v4L is an attacker and he was sitting and drink starbucks coffee with laptop on his table and he's connected to free wi-fi service there. He run Wireshark for a couple moment and he analyze the data sent across the network and he try to find the password that inputted by victim.

Step by Step :

1. Download your wireshark and install it (in Windows you just need to click NEXT and FINISH to install it), in Backtrack 5 it's already there. Run the program (Windows : double click the icon; Backtrack : open terminal and type wireshark).

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

from the picture above maybe your network card is different, just choose which one is your network card and click start.

2. Victim with the same network with v4L was really love to open this two website (the 1st one was simple forum, I make for this Cross Site Scripting Tutorial)

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

The second one was the most famous forum in my country Indonesia.

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

3. After victim open that two websites, wireshark on attacker computer catch some data cross the network.

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

4. After some times then attacker stop capturing the packet on the network by click the button (see picture) to stop Wireshark Network Analyzer from capturing the packet.

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

5. If you learn about web programming, you should know that data from FORM can be sent with two method POST or GET (for details about this POST and GET definitions you can google for it).

The attacker know that authentication process should be use POST method for data transmission, then v4L use the filter feature in Wireshark to just only filter the HTTP POST method.

http:.request.method == "POST"

then press ENTER or click Apply.

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

6. If you only see the filter result, maybe you can be a little confused with the data contents over there. We can expand the data, but it's too many information that can make us hard to read one by one the data over there. For the simple thing we can use the ”Follow TCP Stream“ feature. Choose the data, right click and choose Follow TCP Stream.

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

7. Here's the result after we make it more readable by human ๐Ÿ˜€

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer

oops the username and password was visible there. . .

Countermeasures :

1. Do not authenticate yourself (username and password) in a public network especially into website without HTTPS connection.

2. Use VPN or SSH tunneling to secure your connection.

Actually all method cannot prevent this HTTP sniffing, even you secured it using VPN, Tunneling, etc, it can't prevent the sniff 100% because the data from your VPN server and SSH server to destination HTTP address was not encrypted.

I hope you found this post useful ๐Ÿ™‚

Subscribe Now To Get Latest Hacking Tutorial on Your E-Mail

Share this article if you found this post was useful:

Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com

See all posts by || Visit Website : http://www.vishnuvalentino.com

  • Fullmetal

    Does it only work on LAN
    or can i use this method for WAN also by port forwarding ? ?? ?

    • v4L

      #Fullmetal
      it works in a network where you’re inside it and you can read the network traffic there

  • wharan

    NICE

  • bro i think we cannot sniff passwords of fb and gmail

    • Tim

      Course not, This doesnt strip HTTPS Protocol, but HTTP isn’t secure

      • v4L

        #Tim

        that’s why its called stripping the https to http with redirection method(from 443 to 80)….from secure to unsecure…i’m confused with your statement…??

  • gullifty

    macchanger + dish antenna + aircrack + reaver + ip fwd + arp poison + sslstrip + wireshark post filter = game over

  • how could i know if the network is trafic there???

  • humar dosni

    i have seen but it said that there is no http portocol. even when i login to my facebook and hotmail it dosent show me any http protocol or any post thing.
    html me

    • v4L

      #humar dosni
      facebook and hotmail they use https

  • crazyred

    i run Wireshark in window7. Can i hack Wi-Fi user’s password with Wireshark? We are same Wi-Fi. How to…..?

    • v4L

      #crazyred

      the tutorial is above

  • Mars

    Hi.
    Security Is A Joke …
    You Can Use MiTM Attacks In A Network And Use Sslstrip and …
    Nowadays Https Is Not Still Secure [ I Mean Not For Advances ! ] For Peoples.
    Do U Agree , Sir?
    Mars

    • v4L

      #Mars

      from what I know(sorry if I’m wrong), SSL is secure enough(for now).

      the thing that make it unsecure is the people who use it.

  • NoArmsNoLegsFrontDoor

    Mr. Valentino,

    I have been trying to implement a port forwarding measure against my Access Point. Could I port forward all HTTP traffic to an active session of Wireshark?

    • hackingtut

      #NoArmsNoLegsFrontDoor
      I don’t understand your question?

  • Rubรฉn Colomina Citoler

    It works with a size forum that I know.

  • abdel

    please , what can i do to bypass websense triton , even tor and ultrasurf can’t bypass it , thx in advance

  • Tyler

    When I do it I can’t Brit the passwords it all coded

  • Akhunzada Aftab

    bro i received a mail in my inbox, i want to sniff it, which software should i use to hack its password??? is it possible???

    • FuckYourMom

      you sound so fucking stupid

  • Geek

    Shit load of idiots asking OMG ironic questions. Hahahahaha

  • Tung Dao

    I’m running Wireshark on Macbook air (Mid 2011, 13″) and it cannot capture packets from other devices in the same network. You mentioned something about promiscuous mode, how could I check if my wifi card support it? How to capture packets from other devices in the same network? Thank you a lot.

  • c4tpunk

    i don’t understand…

    my question is
    ” how it works ?
    if i have 2 computers that computer-2 is not connected to me , i mean my computer-1 is not server
    we are client,in the same network . and i want to know what computer-2 do ”
    can i get computer-2’s data ?

  • Sameer Malhotra

    Easily whatsapp Hacking Whatsapp Contact-+91-8285836332.

    Skype Id-sameermalhotra.8010