Website Password hacking using WireShark

Website Password hacking using WireShark - blackMORE Ops - 10Did you knew every time you fill in your username and password on a website and press ENTER, you are sending your password. Well, of course you know that. How else you’re going to authenticate yourself to the website?? But, (yes, there’s a small BUT here).. when a website allows you to authenticate using HTTP (PlainText), it is very simple to capture that traffic and later analyze that from any machine over LAN (and even Internet). That bring us to this website password hacking guide that works on any site that is using HTTP protocol for authentication. Well, to do it over Internet, you need to be able to sit on a Gateway or central HUB (BGP routers would do – if you go access and the traffic is routed via that).

But to do it from a LAN is easy and at the same time makes you wonder, how insecure HTTP really is. You could be doing to to your roommate, Work Network or even School, College, University network assuming the network allows broadcast traffic and your LAN card can be set to promiscuous mode.

So lets try this on a simple website. I will hide part of the website name (just for the fact that they are nice people and I respect their privacy.). For the sake of this guide, I will just show everything done on a single machine. As for you, try it between two VirtualBox/VMWare/Physical machines.

p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.

Step 1: Start Wireshark and capture traffic

In Kali Linux you can start Wireshark by going to

Application > Kali Linux > Top 10 Security Tools > Wireshark

In Wireshark go to Capture > Interface and tick the interface that applies to you. In my case, I am using a Wireless USB card, so I’ve selected wlan0.

Website Password hacking using WireShark - blackMORE Ops - 1

Ideally you could just press Start button here and Wireshark will start capturing traffic. In case you missed this, you can always capture traffic by going back to Capture > Interface > Start

Website Password hacking using WireShark - blackMORE Ops - 2

Step 2: Filter captured traffic for POST data

At this point Wireshark is listening to all network traffic and capturing them. I opened a browser and signed in a website using my username and password. When the authentication process was complete and I was logged in, I went back and stopped the capture in Wireshark.

Usually you see a lot of data in Wireshark. However are are only interested on POST data.

Why POST only?

Because when you type in your username, password and press the Login button, it generates a a POST method (in short – you’re sending data to the remote server).

To filter all traffic and locate POST data, type in the following in the filter section

http.request.method == “POST”

See screenshot below. It is showing 1 POST event.

Website Password hacking using WireShark - blackMORE Ops - 3

Check Also

Correct way of installing VirtualBox Guest Additions in Kali Linux 2016.2/2017 (Kali Rolling)

How to install VirtualBox Guest Additions in Kali Linux (Kali Rolling / Kali Linux 2016.2 / Kali 2017)

Since Kali Linux 2016 came out (also known as Kali Rolling), it seems that Official …

Steganography in Kali Linux - Hiding data in image - blackMORE Ops

Steganography in Kali Linux – Hiding data in image

Steganography is the practice of concealing a file, message, image, or video within another file, …

36 comments

  1. hi :)
    As always many thanks for the interesting material in the mythical
    blackmoreops.com

    PS I did some tests ” refresher ” on some old and famous forum at http :
    & After the filter http.request.method == " POST "
    the credentials are in ” CLEAR ” in Base-Line text-data(wireshark)
    ex: http://postimg.org/image/loiekr3jz/full/

    thx-again :-)

  2. is that only capture your own network packet, right?
    so, when we want to capture other computer packet, we must do arp poisoning, please correct me…

    • Hi Akyra,
      Correct. Or if you have access to the Gateway device(for example a router/proxy), you can just do it in there and all the HTTP password for the whole network will come up in Plaintext. Truly scary assuming that someone used the same password in a secured website and in a non-secured website. It’s very old hack but works till date.
      My intention is to show how easily it can be done and people should be aware of it. Cheers,
      -BMO

      • thanks blackmore ops
        I have access to a person network … i know his router mac and from armitage i can access all his computers too but i m unable to find a way to wireshark his computers as u have jst said that its very easy to do so.. but due to my lack to knowledge i cannot do it..
        when i start capturing data from wireshark it only shows the ip im using.. means its capturing only my data not his… would appreciate if u can explain how to capture his date and get passwords…

      • it would be so helpful, f you could get me a tutorial on the method you just said.
        pls help me out.

  3. You can also look for “data-text-lines” in the wireshark filter.
    It gives all the packets were tis line is present.

  4. Please note that sensitive data may be protected on the client-side when playing with plain-text connections e.g. with some JavaScript help. see http://tech.pro/tutorial/631/secure-authentication-without-ssl-using-javascript

  5. How do i know the desktop password over the network of my colleagues computer using wireshark.

  6. I get an error when I type in the filter, basically saying it’s invalid.. any ideas?

  7. can we know the route where the traffic is being directed too? using wireshark? thank you

  8. Can I do all this on my android??
    I want to hack my university DSL router username and password, so can anyone tell??

  9. hello friends,

    My name is gabi and i really need some help with my newly installed Kali 2.0 Sana.

    It actually worked for some couple of weeks and later started acting weird. The issue is this ;

    I cannot browse the internet with either iceweasel or Firefox
    I cannot use the terminal to ping any public internet address, even google dns server
    BUT
    I can use the TOR browser only to access the internet (WEIRD).

    This is driving me crazy, just when i am preparing for my CEHv8 and other security certifications.

    Please guys, the experts, help me out here. I will really appreciate any help.

    Thanks

    Gabi

    • look in the /etc folder for another folder named “Networkmanagement” , in this folder must be a config file, open it with a text editor and you will find the option somethink like “network” oder “networkcard managed” = false, just replace the “false” with “true” and save the config file, then you will be noticed that you are connected to the internet.

  10. Do these systems work with macs?

  11. hey bro i need help urgently i hacked my neighbours wifi but he know but don’t know who i am so i was thinking if i want to be remains anonymous how can i be or if any apps i am using hotspot shield elite. i need assurance he can never trace me …

  12. Hello. I am just wondering, if a wireless USB card is really needed? As for my computer, I have one built in. What would this be called in the Wireshark capture interfaces?

  13. Do you need a professional to go to for all of your cyber/internet issues, i implore you to hire the best only so as to get your job completed without hassles.
    For more info contact:
    Darkwebssolutions on gmail or text +9193076946

  14. hello everyone…we do not need to go through complications trying to hack a website ourselves,hacking job is best done by professionals…when i needed to hack a website database,i contacted birdeye.hack@gmail.com or text (408) 713-5391…he did a perfect job for me within 48hrs…you can also contact him for all sorts of hacking job such as social media websites and phone applications..he is fast and reliable..tell him Rachael referred you..he would be willing to help

  15. Hi everyone…I’m Brian, i’m here to tell everyone that there are still real hackers who do real jobs and help people hack into whatever it is that they wanna hack. My friend gave me a certain hacker’s contact who goes by the name Computer Surgeon, he helped me hack into 4 different websites…He did it so swiftly and discretely and also left no traces at all. You should contact (COMPUTER.SURGEON@OUTLOOK.COM). He also does all sorts of hacks such as social media (facebook, instagram, LinkedIn, snapchat, etc), he also does bank account hacks. Tell him Tess referred you, he’ll be willing to help.

  16. can u help me to hack a website and get the username and password ~
    if can pls email to me
    jack@live.cn

  17. Please assist with retrieving the data website below.

  18. I met an hacker sometime ago who duped me of $400. i told him i needed him to help me change my school grades and he told me that he could get it done faster than i expect…but to my disappointment, he didnt get the job done after he collected money from me and never replied me till date…so i heard of a girl in my school who changed her grades to a better one in the same school i am with the help of a professional hacker(spystealth.org@gmail.com). I went to meet her and begged her to introduce me to the hacker because i needed the grades changed as soon as possible and time wasn`t on my side. so i got his email from her and made contact with him. He helped me fix my grades in less time than i expected without even meeting him face to face…He is more faster and more affordable than i thought. He is good at what he does, he also hacks into phones, facebook accounts, text messages etc. contact spystealth.org@gmail.com and he will help you with anything you need that relates to hacking. Thank me later

  19. I have seen a lot people post comments of how they were scammed by some online
    fraudsters claiming to be hackers and i keep wondering maybe i got lucky with
    Verenich Fedorov, one of the greatest Russian hackers who helped me with
    Bank hack/Funds transfer. He has done several jobs for me and not for once
    has he failed me. If you are here in search of a good hacker
    you should contact Verenich on:

    Email- verenichtech@gmail.com or Kik- Verenichtechnologies

    He hacks facebook,whatsapp,emails,websites,clone’s phones,Clears criminal records,
    changes school grades,bank account hack/transfer,call tracking,retrieval of lost
    documents and so many other services i can’t mention.

  20. After months of searching for a good hacker online and almost giving up,
    i finally got WEB SNIFFER from one of the posts online.
    I contacted this Russian hacker and sent him a Facebook account name and in less than 3 hours he forwarded the password of the account to me.
    Since then i have worked with him for over a year now and recently, he helped a friend of mine hack a WhatsApp and Gmail account.
    You should contact him if you ever need hacking services.
    CONTACT: websniffer@programmer.net

Leave a Reply

Your email address will not be published. Required fields are marked *