Whenever you log in to a website that requires a username and password, your information is sent to the site to verify your credentials.
This is nothing new and happens constantly, whether it's Facebook or Gmail.
Ever wonder how hackers capture these passwords?
It is done using tools such as Wireshark, which is built into pen-testing operating systems such as Kali Linux.
As most people know, browsers use HTTP to send requests and receive responses over the internet.
What many don't realize is that HTTP is not encrypted and data is sent in the clear.
This has been updated to use a secure form of HTTP called HTTPS, but the fact is that unless a site is a bank or other secure site, most don't use HTTPS.
To make matters worse, a clever MitM (Man-in-the-Middle) attack can fool HTTPS.
A clever MitM attack with tools such as Ettercap will take all the information from a target computer and funnel it through the attacker's machine. When an HTTPS request is sent to a secure site, the machine in the middle strips the HTTPS request and sends an HTTP request, which will send a password back to the attacker in the clear.
The victim is never the wiser since the data they requested is still sent to them.
To combat this, most secure sites now do not send HTTP requests at all and only allow HTTPS.
But what about the majority of sites that do send simple HTTP requests?
Sites that still use HTTP are vulnerable to tools such as Wireshark, and usernames and passwords can be displayed.
Before Wireshark can be run against a target, both machines must be on the same network. Testing this on your own network is easy since you already belong to it.
Steps to using Wireshark and Kali Linux.
Start Kali Linux and go to Application–>Sniffing spoofing–>Network Sniffers–>wireshark
After Wireshark starts, click on interface and choose the interface you want to use, such as Ethernet or wireless.
Wireshark will begin to show all the data that is being transmitted on the network.
To narrow down the information you are looking for without all the clutter, filters can be used.
For example, to narrow the view down to a specific IP address, the following is typed into the filter bar.
ip.addr == (target IP address)
example (ip.addr == 192.168.0.1)
If you're a system administrator, then Wireshark can be helpful in many ways in analyzing traffic. If you are a webmaster, then how vulnerable HTTP is, is something that must be considered. Using tools such as Wireshark will give you insight into how a potential attack will be done and into securing your network.