Disclaimer: This blog is for educational purposes only!!!

In this blog we will demonstrate how we can sniff username and password of any website which is running on HTTP protocol only by using the Wireshark tool in the network where anyone is accessing such web applications.

Install the Wireshark tool from his office website https://www.wireshark.org

After successfully installed Wireshark, Open this tool.

Wait for few seconds to start connecting Wireshark tool by internet. After it is connected to internet it shows the graph signals particular which you are connected currently such as Wifi or Ethernet.

Now we can double click on that internet signal (Means Wifi or Ethernet etc.) on which our machine is connected currently. After this, it shows below screen in which packets start capturing in the same network which we selected and connected currently.

Now open any website in browser which is running on HTTP protocol not HTTPS website because HTTPS is secure websites we can’t sniff username and password from such website. We already discussed this in previous blog.
So I opened one demo website with the name “http://demo.testfire.net

Click on the SignIn button at top and after it shows login screen and we will enter any username and password and click on “Login” button.

After successfully login, the below screen will come.

Now again go to Wireshark tool and stop the packet capturing process by clicking on red small button.

After stopping packet capturing find out the HTTP login request by searching keyword “HTTP” in search box of Wireshark in which entered username and password are present.

And after getting HTTP request just simply double click on it then below screen will come in which click on the “HTML FORM URL ENCODED” and we can see the username and password which we entered at the time of login.

From this we can understand that HTTP protocol is not secure protocol as we compare with HTTPS. As a best security practice always use HTTPS protocols in our businesses and personal website to protect from such attacks.

Reference:

  • https://demo.testfire.net/
  • https://wireshark.org
  • https://pixabay.com/