Friday, October 5, 2012

How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer?


    How to Sniff HTTP POST Password via Network Using Wireshark Network Analyzer?

    Nowadays most website around the world more than 50% of them (in my opinion ) they didn't provide a secure access into a personal profile or some page that require authentication process where users input their username and password. As we know that data sent via port 80 (HTTP) was plain and without any encryption.
    This tutorial can be an angel and also devil in the same time, it depends to you who use this tutorial for which purpose…me as a writer of this tutorial just hope that all of you can be an angel and know the bad things can happen from it, because I believe that no one from you want your password sniffed by someone out there so don't do that to others too .
    Requirements :
    1.Wireshark Network Analyzer (wireshark.org)
    2. Network Card (Wi-Fi Card, LAN Card, etc) fyi : for wi-fi it should support promiscious mode .



    1. Before we go to step by step section, here's the scenario : v4L is an attacker and he was sitting and drink starbucks coffee with laptop on his table and he's connected to free wi-fi service there. He run Wireshark for a couple moment and he analyze the data sent across the network and he try to find the password that inputted by victim.
      Step by Step :

      1. Download your wireshark and install it (in Windows you just need to click NEXT and FINISH to install it), in Backtrack 5 it's already there. Run the program (Windows : double click the icon; Backtrack : open terminal and type wireshark).
      from the picture above maybe your network card is different, just choose which one is your network card and click start..


      wireshark

      2. Victim with the same network with v4L was really love to open this two website.
      wireshark


      3. After victim open that two websites, wireshark on attacker computer catch some data cross the network.
      wireshark

      4. After some times then attacker stop capturing the packet on the network by click the button (see picture) to stop Wireshark Network Analyzer from capturing the packet.
      wireshark

      5. If you learn about web programming, you should know that data from FORM can be sent with two method POST or GET (for details about this POST and GET definitions you can google for it).
      The attacker know that authentication process should be use POST method for data transmission, then v4L use the filter feature in Wireshark to just only filter the HTTP POST method.

    wireshark
                                     http:.request.method == "POST"
                                     
        
          then press ENTER or click Apply.

      1. If you only see the filter result, maybe you can be a little confused with the data contents over there. We can expand the data, but it's too many information that can make us hard to read one by one the data over there. For the simple thing we can use the ”Follow TCP Stream“ feature. Choose the data, right click and choose Follow TCP Stream.

    wireshark
                            
    Here's the result after we make it more readable by human.

    wireshark
    1.  oops the username and password was visible there. .

      0 comments:

      Post a Comment