If you press the Enter key each time you enter your site username and password, you will see that you are sending the password. Of course I know that. How can I check the site? But yes (yes, there are a few here). Once you can use HTTP (plain text) for authentication on your site, you can capture traffic and easily analyze it from any machine via LAN (or Internet). This allows you to use a web site hacking guide that uses the HTTP protocol for authentication. Well, to do via the Internet you must be able to sit on the gateway or central HUB (BGP routers do this if you go to traffic via the route). But from the LAN is very simple, let's hear what you want to know, HTTP is really dangerous. Assuming that the network allows broadcast traffic, you can set the LAN card to indiscriminate mode to your roommate, workplace network, school, university network. So let's try it on a simple website. I hide part of the site name (they are good people, because I respect their privacy). This guide will show everything executed on one machine. You should try between the two VirtualBox / VMWare / Physical machines. Attachment: Please note that some routers do not broadcast traffic, so it is possible for a specific router to fail.
Step 1: Start Wireshark and get traffic
On
Kali Linux, you can start Wireshark
Applications> Kali Linux> Top 10 Security Tools> Wireshark
In Wireshark, go to Capture> Interface and check the interface of the application.
In my case, I chose wlan 0 because I am using a wireless USB card.
Ideally, when you press the Start button here, Wireshark starts capturing traffic. If this is missing, you can capture traffic at any time by going back to Capture> Interface> Start
Step 2: Filter POST data traffic
At this point Wireshark is listening and capturing all network traffic. Open a browser and log in to the site using your username and password. When the authentication process is completed and logging in, it will return to Wireshark and stop the capture. Normally, many Wireshark data are displayed. However, I am interested only in POST data.
Why only POST?
After entering the user name and password and pressing the login button, the POST method is generated (in short, it sends data to the remote server). To filter all traffic and identify POST data, enter the following in the filter section
http.request.method == "POST"
See the screenshot below. Display POST event.
Note: This was only for educational purposes.
I need audience to write on my blogs. Amd spread information to others because we are Pakistani and we believe in spreading knowledge. Support needed!
Comments
Post a Comment