Monday, 10 December 2012

How To Hack HTTP Passwords With Wireshark

Most websites on the Internet use the HTTP protocol for communication, which runs on port 80. The data sent to the server is unencrypted and travels in plain text. If you are using HTTPS (port 443), the data is sent to the server encrypted. Whenever you enter data in a form, your browser sends either a POST or a GET request to the web server; in most cases you will see the POST method used in forms. Most websites on the Internet use HTTP for authentication, which enables an attacker on the local area network to sniff everything that goes through that form. That's the reason why you see websites like PayPal, eBay, and Gmail using HTTPS.

In this tutorial, I will show you how a hacker can hack passwords sent via HTTP to the server with Wireshark. Wireshark is a network analysis tool used to capture and analyze all the packets being sent from your computer to the server.

Attack Scenario

Let's suppose that you went to Starbucks to have a coffee with your friend and connected to the Wi-Fi hotspot. An attacker comes in, starts Wireshark, and captures your HTTP POST passwords, thereby compromising your security.

How To Hack HTTP Passwords With Wireshark

Before I show you how to hack HTTP passwords, I would like to let you know that for a successful capture, your network card should be in promiscuous mode, which will enable it to capture all the traffic going through your network.

Step 1 - First of all, download Wireshark from the official website and install it on your computer.

Step 2 - Next, open up Wireshark, click on Analyze, and click on Interfaces at the top.

Step 3 - Next, choose the appropriate interface and click on Start. Wireshark will start sniffing the network.

Step 4 - Continue sniffing for around 10 minutes.

Step 5 - After 10 minutes, stop the packet sniffing by going to the Capture menu and clicking on Stop.

In the meantime, log into any website that uses HTTP authentication (for testing purposes).

Step 6 - Next, set the filter to http.request.method == "POST". This will enable it to capture all the HTTP POST requests going through your computer. Start analyzing the packets and locate the website you logged into using HTTP authentication.

Step 7 - Next, click on Follow TCP Stream. You will see the username and password that you entered. In this particular scenario I logged into my WordPress account, where I entered the username: admin and password: rafayhackingarticles. Since WordPress uses HTTP for authentication, the data that was entered was successfully captured.


The best countermeasure would be to use a VPN, so that all the traffic is encrypted.

