Read full details here: Website Password hacking using WireShark
Did
you knew every time you fill in your username and password on a website
and press ENTER, you are sending your password. Well, of course you
know that. How else you’re going to authenticate yourself to the
website?? But, (yes, there’s a small BUT here).. when a website allows
you to authenticate using HTTP (PlainText), it is very simple to capture
that traffic and later analyze that from any machine over LAN (and even
Internet). That bring us to this website password hacking guide that
works on any site that is using HTTP protocol for authentication. Well,
to do it over Internet, you need to be able to sit on a Gateway or
central HUB (BGP routers would do – if you go access and the traffic is
routed via that).
But to do it from a LAN is easy and at the same time makes you wonder, how insecure HTTP really is. You could be doing to to your roommate, Work Network or even School, College, University network assuming the network allows broadcast traffic and your LAN card can be set to promiscuous mode.
So lets try this on a simple website. I will hide part of the website name (just for the fact that they are nice people and I respect their privacy.). For the sake of this guide, I will just show everything done on a single machine. As for you, try it between two VirtualBox/VMWare/Physical machines.
p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.
Read the rest of it here: Website Password hacking using WireShark
Did
you knew every time you fill in your username and password on a website
and press ENTER, you are sending your password. Well, of course you
know that. How else you’re going to authenticate yourself to the
website?? But, (yes, there’s a small BUT here).. when a website allows
you to authenticate using HTTP (PlainText), it is very simple to capture
that traffic and later analyze that from any machine over LAN (and even
Internet). That bring us to this website password hacking guide that
works on any site that is using HTTP protocol for authentication. Well,
to do it over Internet, you need to be able to sit on a Gateway or
central HUB (BGP routers would do – if you go access and the traffic is
routed via that).But to do it from a LAN is easy and at the same time makes you wonder, how insecure HTTP really is. You could be doing to to your roommate, Work Network or even School, College, University network assuming the network allows broadcast traffic and your LAN card can be set to promiscuous mode.
So lets try this on a simple website. I will hide part of the website name (just for the fact that they are nice people and I respect their privacy.). For the sake of this guide, I will just show everything done on a single machine. As for you, try it between two VirtualBox/VMWare/Physical machines.
p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.
Read the rest of it here: Website Password hacking using WireShark
No comments:
Post a Comment