Wireshark: How to sniff HTTP POST passwords
This tutorial can be an angel and also devil in the same time, it depends to you who use this tutorial for which purpose…me as a writer of this tutorial just hope that all of you can be an angel and know the bad things can happen from it, because I believe that no one from you want your password sniffed by someone out there so don't do that to others too .
Let's start our tutorial.
1. Wireshark Network Analyzer (wireshark.org)
2. Network Card (Wi-Fi Card, LAN Card, etc) fyi : for wi-fi it should support promiscious mode
Before we go to step by step section, here's the scenario :
v4L is an attacker and he was sitting and drink starbucks coffee with laptop on his table and he's connected to free wi-fi service there. He run Wireshark for a couple moment and he analyze the data sent across the network and he try to find the password that inputted by victim.
1. Download your wireshark and install it (in Windows you just need to click NEXT and FINISH to install it), in Backtrack 5 it's already there. Run the program (Windows : double click the icon; Backtrack : open terminal and type wireshark).
2. Choose which one is your network card and click start. Victim with the same network with v4L was really love to open this two website.
3. After victim open that two websites, wireshark on attacker computer catch some data cross the network.
4. After some times then attacker stop capturing the packet on the network by click the button to stop Wireshark Network Analyzer from capturing the packet.
5. If you learn about web programming, you should know that data from FORM can be sent with two method POST or GET (for details about this POST and GET definitions you can google for it).
The attacker know that authentication process should be use POST method for data transmission, then v4L use the filter feature in Wireshark to just only filter the HTTP POST method.
http:.request.method == "POST"
then press ENTER or click Apply.
6. If you only see the filter result, maybe you can be a little confused with the data contents over there. We can expand the data, but it's too many information that can make us hard to read one by one the data over there. For the simple thing we can use the ”Follow TCP Stream“ feature. Choose the data, right click and choose Follow TCP Stream.
7. Use the filters to make the passwords more readable!