Extreme Hacking
Advanced Ethical Hacking Institute in Pune

Wireshark Password Sniffing

Tools:
• Alfa wireless card
• Kali Linux
• Ettercap (man-in-the-middle tool)
• sslstrip (turns HTTPS into HTTP so we can see passwords in clear text)
• Wireshark (Packet sniffer)

First, log in to your Kali machine. After logging in, we need to forward port 80 to port 10000, which is the port sslstrip will be listening on. Open a terminal and type the following:

[Image: iptables.png]

After you forward the port using iptables, we can start sslstrip like so:

[Image: ssl_strip.png]

Now that we have sslstrip running, let's start Ettercap so we can redirect all of the user's traffic through our machine. Doing this will allow us to use Wireshark to sniff the traffic.

The IP address I will be targeting is 192.168.1.140.

[Image: ettercap.png]

Make sure that you see your target IP address in GROUP 1. If you don't, try again.
Now that everything is set up, all I have to do is start Wireshark and wait for someone to log in to a site.
When starting Wireshark, make sure to choose your wireless interface (wlan0 most likely) and start sniffing on that.

Now on my other computer I navigated to Facebook. Notice that the URL starts with HTTP, not HTTPS. This is important because HTTPS means traffic is encrypted and cannot be sniffed. If it's HTTP, then everything is sent in clear text, including passwords and usernames, when you log in to a website.

[Image: FACEBOOK_HTTP.jpg]

I then logged in with a username and password.

[Image: facebook_loging_in.jpg]

Next, let's go back to Wireshark. We need to filter the packets for http. After you filter the packets, look for one that has "POST" in the Info column. POST is the HTTP method used to submit passwords on websites, and it is the same for all websites.
http.request.method == "POST" is a better filter.

[Image: http_filter_1.png]

After you find the right packet (you can tell because it says /login.php), right-click it and choose Follow TCP Stream.

[Image: follow_tcp_stream.png]

Now you have found the username and password I used to log in to the site.

[Image: wirehark_pass.png]

As you can see, this can be very dangerous if used in an internet café or hotel. That is why you can never trust public Wi-Fi. Always make sure when you log in to a website that it says https. HTTPS encrypts the traffic so passwords cannot be sniffed.
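
Site owners can audit for the same condition the walkthrough relies on: a login form submitted as a plain-HTTP POST. The following is an added example, not part of the original post. It assumes you already hold reassembled cleartext HTTP requests (the sample requests, the host name and the list of sensitive field names are constructed for illustration) and it reports which endpoints receive credential-like fields without ever returning their values.

```python
from urllib.parse import parse_qsl

# Substrings of form-field names that usually carry credentials
# (assumed list for this example; extend it for your own applications).
SENSITIVE = ("pass", "pwd", "secret", "token", "user", "email", "login")

def audit_request(raw: bytes):
    """Return a finding if raw is a cleartext HTTP POST carrying
    credential-like form fields, else None. Field values are never returned."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0].upper() != "POST":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return None
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    hits = sorted({k for k, _ in pairs if any(s in k.lower() for s in SENSITIVE)})
    if not hits:
        return None
    return {"host": headers.get("host", "?"),
            "path": parts[1].split("?")[0],
            "fields": hits}

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"POST /login.php HTTP/1.1\r\nHost: app.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 40\r\n\r\n"
    b"email=alice%40example.test&pass=REDACTED",
    b"GET /index.html HTTP/1.1\r\nHost: app.example.test\r\n\r\n",
    b"POST /search HTTP/1.1\r\nHost: app.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nq=wireshark",
]

def audit_all(samples):
    """Collect findings for every request that exposes credential fields."""
    return [f for f in map(audit_request, samples) if f]

if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print("cleartext credential POST:", finding)
```

Any finding means that endpoint accepted a login over unencrypted HTTP and should be served over HTTPS only.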

www.extremehacking.org