How to get Usernames & Passwords with Wireshark (Packet Sniffing Tutorial)

Hello everyone. For this tutorial we are going to use a tool called Wireshark. So what is Wireshark? Wireshark is a network protocol analyzer: it lets you see what is happening on your network at a microscopic level, packet by packet. You can get Wireshark from wireshark.org.

Joon jae
Jun 8, 2020
WireShark

Before we start, let's learn a little about network protocols like TCP, HTTP and HTTPS. TCP stands for Transmission Control Protocol. TCP lets two programs, whether on the same LAN, an intranet or across the internet, exchange a stream of bytes (octets) reliably, in order and without errors: lost segments are retransmitted and the receiver puts the segments back in the order they were sent. HTTP stands for Hyper Text Transfer Protocol. HTTP is the protocol for requesting and delivering information on the World Wide Web; it is mainly used to fetch HTML documents, and it runs on top of TCP, normally on port 80. HTTPS is the secure version of HTTP and stands for Hyper Text Transfer Protocol Secure. HTTPS wraps HTTP in TLS, which authenticates the server and encrypts the whole HTTP exchange, headers, cookies and form data included, normally on port 443.

We are going to do this on our own network, so in the list of capture interfaces we select the Wi-Fi adapter.

I assume you have already installed Wireshark on your PC. When you see the live network traffic, don't get confused. We select Wi-Fi and the packets start to appear. Data sent over a network is broken down into small packets. Each packet carries a source address (your machine, for the traffic you send) and a destination address (where the packet needs to be delivered), plus a protocol field that tells the receiving computer how to interpret what comes next. The protocols are layered rather than alternatives: an HTTP request is carried as the payload of a TCP segment, the TCP segment is carried inside an IP packet, and the IP packet inside an Ethernet frame. The destination's TCP stack puts the segments back in order and reassembles the original data stream, and only then does the application (the web server) read the HTTP request. This is how all data is transmitted across networks.

Look at the highlighted line I selected: it went over TCP. At the bottom you see what look like random numbers, 18 d6 c7 db cd 52 and so on. These are the raw bytes of the packet shown in hexadecimal; the column next to them shows the same bytes decoded as text, so anything readable inside a packet (an HTTP header, a form field) shows up there. Wireshark captures every packet that crosses the selected interface, labels each one with the highest-level protocol it recognises (TCP, HTTP and so on) and records the time it was captured.

If we want to look at a specific protocol, we type its name (tcp, http, whatever we are looking for) into the display filter bar at the top and only matching packets are shown. For this tutorial we need a website that uses plain HTTP. Remember that packet sniffing will not show you credentials sent over HTTPS: Wireshark still captures the packets, but the HTTP request, username and password included, sits inside an encrypted TLS payload. The one exception is traffic for which you hold the session keys yourself, for example a browser's SSLKEYLOGFILE export that Wireshark can read via Preferences > Protocols > TLS; that lets you decrypt your own sessions, not other people's.

For this to work I am going to use a random website that I found. This website is on HTTP, so we can sniff its packets in the clear. Now you can see I typed the username and password into its login form. Let's head back to Wireshark and see what we got.

In the Wireshark filter bar I type http to see all the HTTP traffic. As you can see there is a lot of it. Stop the capture: there are hundreds of these packets and only one has what we are looking for. You don't want to go through every single one of them, lol, so we narrow the list down with a more specific filter.

To find what we are looking for, type http.request.method == "POST" into the filter bar. Login forms are almost always submitted with a POST request, and the credentials travel in its body. So we found what we were looking for. For you it may look different: depending on the website, the form data may fit in a single packet or be split across several TCP segments, which Wireshark reassembles and shows as one HTTP request.

Now you can see all the information this packet contains. Note that the frame shown below is the server's reply (HTTP/1.1 200 OK, source port 80) to our request in frame 2067; the POST carrying the credentials is the request, and the "Request in frame" line takes you to it. The details look like this:

Frame 2079: 719 bytes on wire (5752 bits), 719 bytes captured (5752 bits) on interface \Device\NPF_, id 0
Ethernet II, Src: , Dst:
Internet Protocol Version 4, Src: , Dst: 192.168.0.100
Transmission Control Protocol, Src Port: 80, Dst Port: 50253, Seq: 11041, Ack: 855, Len: 665
[9 Reassembled TCP Segments (11705 bytes): #2069(1380), #2070(1380), #2071(1380), #2073(1380), #2074(1380), #2075(1380), #2076(1380), #2078(1380), #2079(665)]
Hypertext Transfer Protocol
HTTP/1.1 200 OK\r\n
Date: Mon, 08 Jun 2020 05:32:45 GMT\r\n
Server: Apache\r\n
X-Content-Type-Options: nosniff\r\n
X-Powered-By: PHP/7.2.27\r\n
X-Drupal-Cache: MISS\r\n
Expires: Sun, 19 Nov 1978 05:00:00 GMT\r\n
Cache-Control: no-cache, must-revalidate\r\n
X-Content-Type-Options: nosniff\r\n
Set-Cookie: has_js=1; expires=Mon, 15-Jun-2020 05:32:45 GMT; Max-Age=604800; path=/; domain=.weevil.info; HttpOnly\r\n
Content-Language: en\r\n
X-Frame-Options: SAMEORIGIN\r\n
X-Generator: Drupal 7 (http://drupal.org)\r\n
Vary: Accept-Encoding\r\n
Content-Encoding: gzip\r\n
Content-Length: 11006\r\n
Content-Type: text/html; charset=utf-8\r\n
X-Varnish: 1014837114\r\n
Age: 0\r\n
Via: 1.1 varnish-v4\r\n
grace: none\r\n
Connection: keep-alive\r\n
Accept-Ranges: bytes\r\n
\r\n
[HTTP response 1/2]
[Time since request: 0.686745000 seconds]
[Request in frame: 2067]
[Next request in frame: 2082]
[Next response in frame: 2098]
[Request URI: http://weevil.info/scratchpads-front?destination=scratchpads-front]
Content-encoded entity body (gzip): 11006 bytes -> 51165 bytes
File Data: 51165 bytes
Line-based text data: text/html (517 lines)

What we are looking for is the HTTP part of the conversation. Select any line in the HTTP section (I used the Set-Cookie line), right-click it, open the Follow submenu and choose HTTP Stream. A new window opens like this:

As you can see, it shows the whole conversation: the request, the HTML page, the browser and operating system from the User-Agent header, and so on. Don't get confused, chill and look for the form body of the POST, the line of key=value pairs joined by & (on this site it starts with name=). There you will find the username and password in plain text. You can do the same on a public network like a cafe, mall or school, but I don't endorse it, lol. Use your knowledge at your own risk. I tried to make it as simple as I can, and I hope it helps you learn something new. Have a great day and stay safe. If you have any suggestions please let me know. Bye, I will see you in the next one.
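Here is the whole procedure as a script, an added example that is not part of the original tutorial: it parses a pcap file the way Wireshark does (Ethernet, IPv4, TCP), reassembles the segments of each TCP stream as discussed in the packets section above, keeps only HTTP POST requests like the http.request.method == "POST" filter, and decodes the URL-encoded form body that Follow > HTTP Stream shows. The capture it runs on is constructed in memory: the host www.example.com, the server address 203.0.113.10 and the credentials are made up, and the client address and port are the ones from the article's own screenshot.

```python
"""Find credentials in HTTP POST requests in a pcap file.

Added example, not code from the original tutorial. It does offline what the
Wireshark steps do by hand: filter on http.request.method == "POST", reassemble
the TCP segments of the request, and read the form body as Follow > HTTP Stream
shows it. The capture below is constructed in memory with made-up hosts and
credentials; only classic little-endian pcap (not pcapng) is handled.
"""
import struct
from urllib.parse import parse_qs

ETH_IPV4 = 0x0800
IP_PROTO_TCP = 6
PCAP_MAGIC = 0xA1B2C3D4


def _ip_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_pcap(segments):
    """Write a pcap (link type 1 = Ethernet) from (src, dst, sport, dport, seq, payload)
    tuples. TCP checksums are left zero; Wireshark would flag them, parse_pcap ignores them."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    ts = 1591594365  # 2020-06-08 05:32:45 UTC, the time in the article's capture
    for i, (src, dst, sport, dport, seq, payload) in enumerate(segments):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), i, 0x4000, 64, IP_PROTO_TCP, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        ip = ip[:10] + struct.pack("!H", _ip_checksum(ip)) + ip[12:]
        frame = bytes(12) + struct.pack("!H", ETH_IPV4) + ip + tcp  # zero MAC addresses
        out += struct.pack("<IIII", ts, i * 1000, len(frame), len(frame)) + frame
    return out


def parse_pcap(data: bytes):
    """Yield (src, sport, dst, dport, seq, payload) for every TCP segment in the file."""
    if struct.unpack_from("<I", data)[0] != PCAP_MAGIC or struct.unpack_from("<I", data, 20)[0] != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
            continue
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != IP_PROTO_TCP:
            continue
        tcp = ip[ihl:total_len]
        sport, dport, seq = struct.unpack_from("!HHI", tcp)
        data_off = (tcp[12] >> 4) * 4
        yield (".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport, seq, tcp[data_off:])


def reassemble(segments):
    """Join one direction of each TCP conversation in sequence order, like Wireshark's
    "[N Reassembled TCP Segments]" line. Retransmissions and overlaps are not deduplicated."""
    streams = {}
    for src, sport, dst, dport, seq, payload in segments:
        streams.setdefault((src, sport, dst, dport), []).append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v, key=lambda s: s[0])) for k, v in streams.items()}


def extract_post_credentials(pcap: bytes):
    """Return one dict per HTTP POST: client, server, host, uri and decoded form fields."""
    hits = []
    for (src, sport, dst, dport), stream in reassemble(parse_pcap(pcap)).items():
        while (start := stream.find(b"POST ")) >= 0 and (head_end := stream.find(b"\r\n\r\n", start)) >= 0:
            lines = stream[start:head_end].decode("latin-1").split("\r\n")
            uri = lines[0].split(" ")[1]
            headers = {k.strip().lower(): v.strip() for k, _, v in (h.partition(":") for h in lines[1:])}
            body_start = head_end + 4
            body = stream[body_start:body_start + int(headers.get("content-length", "0"))]
            fields = {}
            if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
                fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
            hits.append({"client": f"{src}:{sport}", "server": f"{dst}:{dport}",
                         "host": headers.get("host", ""), "uri": uri, "fields": fields})
            stream = stream[body_start + len(body):]  # continue after this request's body
    return hits


# Constructed sample: a Drupal-style login POST with headers and body in separate
# TCP segments, listed out of order so the reassembly step is actually exercised.
BODY = b"name=alice&pass=Hunter2%21&form_id=user_login&op=Log+in"
HEAD = (b"POST /user/login HTTP/1.1\r\nHost: www.example.com\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: %d\r\n\r\n" % len(BODY))
SAMPLE_PCAP = build_pcap([
    ("192.168.0.100", "203.0.113.10", 50253, 80, 1000 + len(HEAD), BODY),
    ("192.168.0.100", "203.0.113.10", 50253, 80, 1000, HEAD),
])

if __name__ == "__main__":
    for hit in extract_post_credentials(SAMPLE_PCAP):
        print(hit)
```

To run it on your own capture, save from Wireshark as classic pcap (File > Save As and pick the pcap format; Wireshark's default pcapng is not read by this parser) and replace SAMPLE_PCAP with open("capture.pcap", "rb").read(). Against an HTTPS site the same streams contain only TLS records, so no POST is found, which is exactly the HTTPS caveat from earlier.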
