Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
30 views4 pages

Experiment No. 4: Step 1

The document outlines an experiment using Wireshark to capture and analyze plaintext password transmissions, demonstrating the vulnerabilities of unencrypted data. It details the steps to capture network packets while logging into a website, focusing on filtering for HTTP GET and POST requests to find submitted credentials. The experiment highlights the importance of encryption to protect sensitive information from unauthorized access.

Uploaded by

Tanya Singh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
30 views4 pages

Experiment No. 4: Step 1

The document outlines an experiment using Wireshark to capture and analyze plaintext password transmissions, demonstrating the vulnerabilities of unencrypted data. It details the steps to capture network packets while logging into a website, focusing on filtering for HTTP GET and POST requests to find submitted credentials. The experiment highlights the importance of encryption to protect sensitive information from unauthorized access.

Uploaded by

Tanya Singh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Experiment No.

4
Aim: Password Sni ng: Simulate a scenario where a password is transmitted in plaintext.
Use Wireshark to capture and analyse the packets to demonstrate the vulnerability and
the importance of encryption

Brief Description: Wireshark can capture not only passwords, but any type of
information transmitted over the network: usernames, email addresses, personal
information, etc. If we can capture network tra c, Wireshark can sni passing passwords.
In sni ng can include passwords for various protocols such as HTTP, FTP, Telnet, etc. the
captured data can be used to troubleshoot network problems but can also be used
maliciously to gain unauthorised access. to sensitive information.

In this experiment, we will see how we can capture the password using the Wireshark
network capture analyser. and see the outputs of the following steps.

INPUT:

Step 1: Open your Wireshark tool in your window or in Linux virtual machine, and start
capturing the network.

Step 2: After starting the packet capturing, we will go to the website and login the
credential on that website as you can see in the image.
ffi
ffi
ffi
ff
Step 3: Now after completing the login credential, we will go and capture the password in
Wireshark, for that we must use some lter that helps to nd the login credential through
the packet capturing.

Step 4: Wireshark has captured some packets but we speci cally looking for HTTP
packets, so, in the display lter bar we use some command to nd all the captured HTTP
packets, as you can seeing the below image the green bar where we apply the lter.
fi
fi
fi
fi
fi
fi
Step 5: So, there are some HTTP packets are captured but we speci cally looking for
form datathat the user submitted to the website. for that, we have a separate lter. There
is main two methods used for submitting form data from web pages like login forms to
the server. the methods are-GET and POST.

Step 6: So, rstly for knowing the credential we use the rst method and apply the lter
for the GET methods as you can see below:

http.request.method = “GET”

As you can see in the image there are two packets where the login page was requested
with a GET request as well, but there is no form data submitted with a GET request.

Step 7: Now after checking the GET method if we didn't nd the form data, then we will
try the POST method for that we will apply the lter on Wireshark as you can see.

http.request.method = “POST"
fi
fi
fi
fi
fi
fi
fi
As we can see we have a packet with form data click on the packet with user info and the
application URL encoded, and click on the down-

HTML form URL Encoded where the login credential is found. login credential as it is the
same that we led on the website in step 2.

OUTPUT:

Form item: "uname"= "test"

Form item: "pass" ="test"


fi

You might also like