Scribd
Upload
7 views

Password Sniffing Using WireShark

Only for educational purpose.

Uploaded by

B.Tech Study Material
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

Password Sniffing Using WireShark

Only for educational purpose.

Uploaded by

B.Tech Study Material
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Experiment 4

Objective : Password Sniffing: Simulate a scenario where a password is


transmitted in plaintext. Use Wireshark to capture and analyze the packets
to demonstrate the vulnerability and the importance of encryption.
Solution :

Password Sniffing:-Password sniffing is a type of network attack in which


an attacker intercepts data packets that include passwords. The attacker
then uses a password-cracking program to obtain the actual passwords from
the intercepted data. Password sniffing can be used to obtain passwords for
any type of account, including email, social media, and financial accounts.

Step 1:First of all, open your Wireshark tool in your window or in Linux
virtual machine. and start capturing the network. suppose you are capturing
your wireless fidelity.

Step:2 After starting the packet capturing we will go to the website and
login the credential on that website as you can see in the image.
Step-3: Now after completing the login credential we will go and capture
the password in Wireshark. for that we have to use some filter that helps
to find the login credential through the packet capturing.
Step 4: Wireshark has captured some packets but we specifically looking
for HTTP packets. so in the display filter bar we use some command to find
all the captured HTTP packets. as you can see in the below image the green
bar where we apply the filter.

Step 5: So there are some HTTP packets are captured but we specifically
looking for form data that the user submitted to the website. for that, we
have a separate filter .
As we know that there are main two methods used for submitting form data
from web pages like login forms to the server. the methods are-

● GET
● POST

Step 6: So firstly for knowing the credential we use the first method and
apply the filter for the GET methods as you can see below.
As you can see we have a packet with form data click on the packet with
user info and the application URL encoded. and click on the down-

HTML form URL Encoded where the login credential is found. login credential
as it is the same that we filed on the website in step 2.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy