- Can Wireshark Sniff Wifi Network Password
- Wireshark Wireless Adapter
- Using Wireshark Wifi
- Can Wireshark Sniff Wifi Network Windows 10
- Can Wireshark Sniff Passwords Used In The Past
- Wireshark Monitor Wifi
Type : Hacking Tutorial
Level : Medium
After several days with full of work and project now I want to continue write another tutorial about easy hacking tutorials 🙂 .
Nowadays most website around the world more than 50% of them (in my opinion 😀 ) they didn't provide a secure access into a personal profile or some page that require authentication process where users input their username and password. As we know that data sent via port 80 (HTTP) was plain and without any encryption.
Packet Sniffing on wireless network (self.hacking). Look into cache/arp poisoning (lots of free tools to do this), then either use wireshark, tcpdump, or any packet sniffer. All the traffic will be routed from his phone to your machine and then you will be able to sniff his traffic. If your using a linux machine be sure to set your ip. Capturing packets. For example, if the wireless network is set to channel 1 for the traffic you’re interested in, then configure Wireshark to monitor channel 1. To do this, click the Capture menu, choose Options, and click Wireless Settings. The menu Advanced Wireless Settings will appear where you can change the channel.
Today tutorial was talk about How to Sniff HTTPPOST Password via Network Using Wireshark Network Analyzer. From this tutorial you also can learn how to secure yourself while you are outside your own computer network.
This tutorial can be an angel and also devil in the same time, it depends to you who use this tutorial for which purpose…me as a writer of this tutorial just hope that all of you can be an angel and know the bad things can happen from it, because I believe that no one from you want your password sniffed by someone out there so don't do that to others too 🙂 .
Let's start our tutorial.
Requirements :
1. Wireshark Network Analyzer (wireshark.org)
2. Network Card (Wi-Fi Card, LAN Card, etc) fyi : for wi-fi it should support promiscious mode
Before we go to step by step section, here's the scenario :
v4L is an attacker and he was sitting and drink starbucks coffee with laptop on his table and he's connected to free wi-fi service there. He run Wireshark for a couple moment and he analyze the data sent across the network and he try to find the password that inputted by victim.
Step by Step :
1. Download your wireshark and install it (in Windows you just need to click NEXT and FINISH to install it), in Backtrack 5 it's already there. Run the program (Windows : double click the icon; Backtrack : open terminal and type wireshark).
from the picture above maybe your network card is different, just choose which one is your network card and click start.
2. Victim with the same network with v4L was really love to open this two website (the 1st one was simple forum, I make for this Cross Site Scripting Tutorial)
The second one was the most famous forum in my country Indonesia.
3. After victim open that two websites, wireshark on attacker computer catch some data cross the network.
4. After some times then attacker stop capturing the packet on the network by click the button (see picture) to stop Wireshark Network Analyzer from capturing the packet.
5. If you learn about web programming, you should know that data from FORM can be sent with two method POST or GET (for details about this POST and GET definitions you can google for it).
The attacker know that authentication process should be use POST method for data transmission, then v4L use the filter feature in Wireshark to just only filter the HTTPPOST method.
then press ENTER or click Apply.
6. If you only see the filter result, maybe you can be a little confused with the data contents over there. We can expand the data, but it's too many information that can make us hard to read one by one the data over there. For the simple thing we can use the ”Follow TCP Stream“ feature. Choose the data, right click and choose Follow TCP Stream.
7. Here's the result after we make it more readable by human 😀
oops the username and password was visible there. . .
Countermeasures :
1. Do not authenticate yourself (username and password) in a public network especially into website without HTTPS connection.
2. Use VPN or SSH tunneling to secure your connection.
Can Wireshark Sniff Wifi Network Password
Actually all method cannot prevent this HTTP sniffing, even you secured it using VPN, Tunneling, etc, it can't prevent the sniff 100% because the data from your VPN server and SSH server to destination HTTP address was not encrypted.
I hope you found this post useful 🙂
Share this article if you found it was useful:
Blogger at hacking-tutorial.com. Love PHP, offensive security and web. Contact him at me[-at-]vishnuvalentino.com
See all posts by Vishnu Valentino || Visit Website : http://www.vishnuvalentino.com
Computers communicate using networks. These networks could be on a local area network LAN or exposed to the internet. Network Sniffers are programs that capture low-level package data that is transmitted over a network. An attacker can analyze this information to discover valuable information such as user ids and passwords.
In this article, we will introduce you to common network sniffing techniques and tools used to sniff networks. We will also look at countermeasures that you can put in place to protect sensitive information been transmitted over a network.
Topics covered in this tutorial
What is network sniffing?
Computers communicate by broadcasting messages on a network using IP addresses. Once a message has been sent on a network, the recipient computer with the matching IP address responds with its MAC address.
Network sniffing is the process of intercepting data packets sent over a network.This can be done by the specialized software program or hardware equipment. Sniffing can be used to;
- Capture sensitive data such as login credentials
- Eavesdrop on chat messages
- Capture files have been transmitted over a network
The following are protocols that are vulnerable to sniffing
- Telnet
- Rlogin
- HTTP
- SMTP
- NNTP
- POP
- FTP
- IMAP
The above protocols are vulnerable if login details are sent in plain text
Passive and Active Sniffing
Before we look at passive and active sniffing, let’s look at two major devices used to network computers; hubs and switches.
A hub works by sending broadcast messages to all output ports on it except the one that has sent the broadcast. The recipient computer responds to the broadcast message if the IP address matches. This means when using a hub, all the computers on a network can see the broadcast message. It operates at the physical layer (layer 1) of the OSI Model.
The diagram below illustrates how the hub works.
A switch works differently; it maps IP/MAC addresses to physical ports on it. Broadcast messages are sent to the physical ports that match the IP/MAC address configurations for the recipient computer. This means broadcast messages are only seen by the recipient computer. Switches operate at the data link layer (layer 2) and network layer (layer 3).
Wireshark Wireless Adapter
The diagram below illustrates how the switch works.
Passive sniffing is intercepting packages transmitted over a network that uses a hub. It is called passive sniffing because it is difficult to detect. It is also easy to perform as the hub sends broadcast messages to all the computers on the network.
Active sniffing is intercepting packages transmitted over a network that uses a switch. There are two main methods used to sniff switch linked networks, ARP Poisoning, and MAC flooding.
Hacking Activity: Sniff network traffic
In this practical scenario, we are going to use Wireshark to sniff data packets as they are transmitted over HTTP protocol. For this example, we will sniff the network using Wireshark, then login to a web application that does not use secure communication. We will login to a web application on http://www.techpanda.org/
The login address is This email address is being protected from spambots. You need JavaScript enabled to view it., and the password is Password2010.
Note: we will login to the web app for demonstration purposes only. The technique can also sniff data packets from other computers that are on the same network as the one that you are using to sniff. The sniffing is not only limited to techpanda.org, but also sniffs all HTTP and other protocols data packets.
Sniffing the network using Wireshark
The illustration below shows you the steps that you will carry out to complete this exercise without confusion
Download Wireshark from this link http://www.wireshark.org/download.html
- Open Wireshark
- You will get the following screen
- Select the network interface you want to sniff. Note for this demonstration, we are using a wireless network connection. If you are on a local area network, then you should select the local area network interface.
- Click on start button as shown above
- Open your web browser and type in http://www.techpanda.org/
- The login email is This email address is being protected from spambots. You need JavaScript enabled to view it. and the password is Password2010
- Click on submit button
- A successful logon should give you the following dashboard
- Go back to Wireshark and stop the live capture
- Filter for HTTP protocol results only using the filter textbox
Using Wireshark Wifi
- Locate the Info column and look for entries with the HTTP verb POST and click on it
- Just below the log entries, there is a panel with a summary of captured data. Look for the summary that says Line-based text data: application/x-www-form-urlencoded
- You should be able to view the plaintext values of all the POST variables submitted to the server via HTTP protocol.
Can Wireshark Sniff Wifi Network Windows 10
What is a MAC Flooding?
MAC flooding is a network sniffing technique that floods the switch MAC table with fake MAC addresses. This leads to overloading the switch memory and makes it act as a hub. Once the switch has been compromised, it sends the broadcast messages to all computers on a network. This makes it possible to sniff data packets as they sent on the network.
Counter Measures against MAC flooding
- Some switches have the port security feature. This feature can be used to limit the number of MAC addresses on the ports. It can also be used to maintain a secure MAC address table in addition to the one provided by the switch.
- Authentication, Authorization and Accounting servers can be used to filter discovered MAC addresses.
Sniffing Counter Measures
- Restriction to network physical media highly reduces the chances of a network sniffer been installed
- Encrypting messages as they are transmitted over the network greatly reduces their value as they are difficult to decrypt.
- Changing the network to a Secure Shell (SSH)network also reduces the chances of the network been sniffed.
Can Wireshark Sniff Passwords Used In The Past
Summary
Wireshark Monitor Wifi
- Network sniffing is intercepting packages as they are transmitted over the network
- Passive sniffing is done on a network that uses a hub. It is difficult to detect.
- Active sniffing is done on a network that uses a switch. It is easy to detect.
- MAC flooding works by flooding the MAC table address list with fake MAC addresses. This makes the switch to operate like a HUB
- Security measures as outlined above can help protect the network against sniffing.