Hacker, Researcher and Author.

How To Hack HTTP Passwords With Wireshark


Most websites on the Internet use the HTTP protocol for communication, which runs on port 80. Data sent to the server over HTTP is unencrypted and travels in plain text. If you are using HTTPS (port 443), the data is sent to the server encrypted. Whenever you enter data in a form, your browser sends either a POST or a GET request to the web server; in most cases you will see the POST method used in forms. Most websites on the Internet use HTTP for authentication, which enables an attacker on the local area network to sniff everything that goes through that form. That's the reason why you see websites like PayPal, eBay and Gmail using HTTPS.


In this tutorial, I will show you how a hacker can hack passwords sent via HTTP to the server with Wireshark. Wireshark is a network analysis tool used to capture and analyze all the packets being sent from your computer to the server.

Attack Scenario

Let's suppose that you went to Starbucks to have a coffee with your friend and connected to the Wi-Fi hotspot. An attacker comes in, starts Wireshark and captures your HTTP POST passwords, thereby compromising your security.

How To Hack HTTP Passwords With Wireshark

Before I show you how to hack HTTP passwords, I would like to let you know that for a successful capture, your network card should be in promiscuous mode, which enables it to capture all the traffic going through your network.

Step 1 - First of all, download Wireshark from the official website and install it on your computer.

Step 2 - Next open up Wireshark, click on Analyze and then click on Interfaces at the top.


Step 3 - Next choose the appropriate interface and click on Start. Wireshark will start sniffing the network.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.

In the meantime, log into any website (for testing purposes) that uses HTTP authentication.

Step 6 - Next set the filter to http.request.method == "POST". This will show all the HTTP POST requests going through your computer. Start analyzing the packets and locate the website you logged into that uses HTTP authentication.



Step 7 - Next click on Follow TCP Stream. You will see the username and password that you entered. In this particular scenario I logged in to my WordPress account, where I entered the username:admin and password:rafayhackingarticles. Since WordPress uses HTTP for authentication, the data that was entered was successfully captured.


Countermeasures

The best countermeasure would be to use a VPN, so that all the traffic would be encrypted.


6 comments:

  1. So Wireshark can capture all network outgoing from our network. Ex: they use our wifi and we can capture them? I'm not sure about that.

  2. Can I ask you something? So if some people use our wifi so Wireshark can capture them? I'm not sure about that. Thanks for your answer.

  3. Very Nice Informative post thank Rafay

  4. I followed your instructions but cannot get the user & pass. I captured packets of Gmail. We hope to help you, thanks.

  5. I followed your instructions but cannot get the user & pass. I captured packets of Gmail. We hope to help you, thanks.

  6. Gmail uses https: and wireshark only does that for http: and not https. You can try it with another site with http: e.g. any wordpress or joomla website admin authentication.


© 2016 All Rights Reserved by RHA Info Sec.
