Type : Hacking Tutorial
Level : Medium
After several days with full of work and project now I want to continue write another tutorial about easy hacking tutorials 🙂 .
Nowadays most website around the world more than 50% of them (in my opinion 😀 ) they didn't provide a secure access into a personal profile or some page that require authentication process where users input their username and password. As we know that data sent via port 80 (HTTP) was plain and without any encryption.
Today tutorial was talk about How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer. From this tutorial you also can learn how to secure yourself while you are outside your own computer network.
This tutorial can be an angel and also devil in the same time, it depends to you who use this tutorial for which purpose…me as a writer of this tutorial just hope that all of you can be an angel and know the bad things can happen from it, because I believe that no one from you want your password sniffed by someone out there so don't do that to others too 🙂 .
Let's start our tutorial.
1. Wireshark Network Analyzer (wireshark.org)
2. Network Card (Wi-Fi Card, LAN Card, etc) fyi : for wi-fi it should support promiscious mode
Before we go to step by step section, here's the scenario :
v4L is an attacker and he was sitting and drink starbucks coffee with laptop on his table and he's connected to free wi-fi service there. He run Wireshark for a couple moment and he analyze the data sent across the network and he try to find the password that inputted by victim.
1. Download your wireshark and install it (in Windows you just need to click NEXT and FINISH to install it), in Backtrack 5 it's already there. Run the program (Windows : double click the icon; Backtrack : open terminal and type wireshark).
from the picture above maybe your network card is different, just choose which one is your network card and click start.
2. Victim with the same network with v4L was really love to open this two website (the 1st one was simple forum, I make for this Cross Site Scripting Tutorial)
The second one was the most famous forum in my country Indonesia.
3. After victim open that two websites, wireshark on attacker computer catch some data cross the network.
4. After some times then attacker stop capturing the packet on the network by click the button (see picture) to stop Wireshark Network Analyzer from capturing the packet.
5. If you learn about web programming, you should know that data from FORM can be sent with two method POST or GET (for details about this POST and GET definitions you can google for it).
The attacker know that authentication process should be use POST method for data transmission, then v4L use the filter feature in Wireshark to just only filter the HTTP POST method.
http:.request.method == "POST"
then press ENTER or click Apply.
6. If you only see the filter result, maybe you can be a little confused with the data contents over there. We can expand the data, but it's too many information that can make us hard to read one by one the data over there. For the simple thing we can use the ”Follow TCP Stream“ feature. Choose the data, right click and choose Follow TCP Stream.
7. Here's the result after we make it more readable by human 😀
oops the username and password was visible there. . .
1. Do not authenticate yourself (username and password) in a public network especially into website without HTTPS connection.
2. Use VPN or SSH tunneling to secure your connection.
Actually all method cannot prevent this HTTP sniffing, even you secured it using VPN, Tunneling, etc, it can't prevent the sniff 100% because the data from your VPN server and SSH server to destination HTTP address was not encrypted.
I hope you found this post useful 🙂