Can you Sniff Passwords Using Wireshark?
- Barry Quinn
- Oct 2, 2017
- 2 min read

There are many articles all over the internet claiming to have tutorials about password sniffing using Wireshark. I decided to write this article because most of these sites are not clear enough about what you can or cannot do with Wireshark on this specific subject. Withholding information and making people pay for courses to learn simple things is against the Anonymous idea. Knowledge should be free. So let me clear this up a bit.
You can sniff passwords using Wireshark. It is very easy.
Start Wireshark in Kali Linux and go to Capture --> Interfaces (choose the interface that suits you: eth0, or wlan0 if you want to go wireless), or you can press the play button. You can leave Wireshark capturing for a while just to make sure someone has logged into some website. When you are done, stop capturing, type http.request.method == "POST" in the filter bar and hit enter.
"A POST request is used to send data to the server, for example, customer information, file upload, etc. using HTML forms, that's why we are using "POST"."
Wireshark will show all the POST events after you hit enter. Right-click on the one you want and select Follow TCP Stream. A new window will open showing the reassembled stream. Look for "password=" and "user=". The "user=" field shows the username and "password=" shows the password, but in hash form, so we have to crack it. Open a new terminal and type hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txt (any hash that hashcat cracks is stored in a hashcat.pot file, created in the directory where you ran hashcat).
So that's it... But wait! Have you noticed something in the request method filter we typed before? You got it: we used http and not https. Yes, we can only obtain passwords from non-secure connections. So this whole post is useless, because nowadays there are no websites that do not use SSL private keys for transactions or e-mail log-in. And in case you wonder: Wireshark can decrypt SSL traffic provided that you have the private key, and the private key has to be in decrypted PKCS#8 PEM format (RSA). The private key is private to the web server; if you don't control the web server you won't be able to obtain it. The certificate only holds the public key, so it wouldn't be of much use to you. You could set up an HTTPS proxy server and do a man-in-the-middle attack; in that case you would have the key of your proxy server. But it is not that easy, and I cannot cover how to do that here, as there are many variables to take into consideration.
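To make the "Follow TCP Stream, look for password=" check above repeatable when auditing your own captures, here is an added Python example (not code from the original post) that scans a reassembled client-to-server TCP stream for form-encoded credentials posted over plain HTTP and reports them with the password redacted; it also shows why a TLS stream yields nothing without the server key. The stream bytes, the host example.test and the field-name lists are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Heuristic field names that HTML login forms commonly use (assumption, extend as needed).
USER_FIELDS = {"user", "username", "login", "email", "uname"}
PASS_FIELDS = {"password", "pass", "passwd", "pwd"}

def is_tls_stream(stream: bytes) -> bool:
    # A TLS stream opens with a record header: content type 0x16 (handshake), version 0x03 0x0X.
    return len(stream) >= 3 and stream[0] == 0x16 and stream[1] == 0x03

def find_cleartext_credentials(stream: bytes) -> list:
    # Returns one finding per HTTP POST carrying form credentials.
    # The password value itself is never returned, only its length, so audit output stays safe.
    if is_tls_stream(stream):
        return []  # encrypted: nothing to inspect without the server's private key
    findings = []
    # Locate each POST request line plus its header block (headers end at the blank line).
    for m in re.finditer(rb"POST (\S+) HTTP/1\.[01]\r\n(.*?)\r\n\r\n", stream, re.S):
        path, raw_headers = m.group(1), m.group(2)
        headers = {}
        for line in raw_headers.split(b"\r\n"):
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        if not headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
            continue
        body = stream[m.end(): m.end() + int(headers.get(b"content-length", b"0"))]
        fields = parse_qs(body.decode("utf-8", "replace"))
        user = next((v[0] for k, v in fields.items() if k.lower() in USER_FIELDS), None)
        pw = next((v[0] for k, v in fields.items() if k.lower() in PASS_FIELDS), None)
        if pw is None:
            continue
        findings.append({"host": headers.get(b"host", b"?").decode(), "path": path.decode(),
                         "user": user, "password_length": len(pw)})
    return findings

# Constructed sample stream: a GET (ignored) followed by a login POST over plain HTTP.
SAMPLE_STREAM = (
    b"GET /login HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
    b"user=alice&password=hunter2"
)

if __name__ == "__main__":
    for f in find_cleartext_credentials(SAMPLE_STREAM):
        print(f"cleartext credential for {f['user']!r} posted to http://{f['host']}{f['path']}")
```

Feed it the bytes Wireshark exports from Follow TCP Stream (client direction only) to list every form that still sends credentials over http rather than https.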
*Please bear in mind that I am writing this from memory, so I don't give a fuck about what errors you think I have made.