Wireshark – Packet Sniffing Passwords

Wireshark comes packaged in Kali Linux, and is a useful packet sniffer. Basically it will capture all the network packets that are transferred on a given network. This is a good example of why you should not use public wifi hotspots to login to websites.

There is a caveat, almost any website worth anything these days uses HTTPS, and Wireshark will be of no use. For the purposes of this tutorial, I’m going to give an example of how easy it is when using an unsecured HTTP connection for someone to steal your username and password.

So first fire up Wireshark in Kali Linux, you will need to select your network adapter and then you will have a screen like this

Kali Linux Wireshark user interface

Now you are capturing packets, if there is lots of network traffic going on (most likely if you are on public wifi) you will see a LOT of data being displayed. Let’s jump over to our web browser and attempt to login to a website that has unsecured login with HTTP. Go to http://www.techpanda.org

sniffing packets on Wireshark

You can see when we load the website Wireshark has captured lots of packets.

Now login using the following :

uName: admin@google.com

pWord: Password2010

Now we are logged in, Wireshark will have captured more packets.

capturing packets when loading websites with Wireshark

So now we can turn off Wireshark, and filter the packets captured to find what we are looking for. So go ahead in Wireshark and press the stop button.

Now we will apply a filter s we can cut through all the packets to narrow it down to what we are looking for.

http.request.method == POST

Use this filter, and you will be presented with a much smaller list.

filtering packets in wireshark

When we look through the list we can find the HTTP POST that used index.php application/x.www-form-urlencoded and in the details below we can see the username and password used on this form.

captured password over HTTP connection with Wireshark

So there you have it, although this was run on my local virtual machine network adapter, it could easily be run on a public wifi and capture all the packets going through that network. Imagine how easy it would be to sit in Starbucks, sniffing packets for hours, and then sifting through to see what info you can find. This kind of research could be the start of finding out more about you, identifying targets for hacks who are using unsecured passwords, identify theft and more.

The thing with this kind of password hacking is it doesn’t require any brute force attacks, dictionaries and hours of processing power. Unlock using Hashcat or John The Ripper here the users are literally giving you their password!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: