First of all, we want to catch the packets transferred between local computer and a specific website. We use 168.1.8.244 in this example.

Step1. Open wireshark.choose the second icon from the left, which is “capture options”.

wireshark_menu_bar

In the “Capture” frame, choose the interface you will use to connect to Internet. In the “capture Filter: type” tcp port http”, this will just get the type of traffic we need in this example.Then, click “start”.

wireshark_capture_options

Then open a browser and visit www.abc.net.au, and you can see some records have been added in to the wireshark. If the home page show up, we can close the browser and click the stop button, which is the 4th from the left.

Step2. Open a browser, and visit www.yourdomain.com to create a record Open CMD, type:

nslookup www.yourdomain.com

 

The address may be one of the above address, we will see which one we will use in this connection.

 

 

Unfiltered
Unfiltered

We can see that the browser used the address 168.1.8.244, so we only need to focus on the connection between local pc and this site. Click in the text field after Filter, type “ip.addr==168.1.8.244”.

Filtered result
Filtered result

 

Now is the TCP three handshake in the first few lines.

We can see the connection establish request (SYN) in line 1-6. (why there are 6 times request).  Then the step 2 [SYN, ACK]  acknowledge 1st step, and synchronize the connection parameters. Step3, acknowledge that both sides agree to establish the connection.

Password sniffing

for the password transferred in http, which is plain text, you can easily find the password by looking for the Post action in the Info tab. Then check the HTML Form URL Encoded: application/x-www-form-urlencoded, there are some form item. you can find the username and password there.

http_wireshark

 

To capture the traffic, you would need other method, such as Man in the middle, DHCP poison, etc to redirect the traffic.

2 thoughts on “WireShark_password sniffing

  • Magnificent items from you, man. I’ve bear in mind your stuff prior to
    and you are simply too magnificent. I really like what you have acquired right here, really like what you’re saying and the best way through which you assert it.
    You make it enjoyable and you still take care of to keep it sensible.
    I cant wait to read far more from you. This is really a tremendous website.

  • I like the helpful information you provide in your articles.
    I’ll bookmark your blog and check again here frequently.
    I’m quite certain I’ll learn plenty of new stuff right here!

    Good luck for the next!

Leave a Reply

Your email address will not be published.