Now in wireshark, go to edit->find packet.Now open the web browser and visit any insecure site.Now click on the small shark icon at top left of the screen to start capturing the packets.Start wireshark, select appropriate network adapter (Wi-Fi) in our case.Note : For demonstration purpose, we can use any vulnerable web app 1) Capturing Passwords in insecure web apps using wireshark : We will now try to capture credentials using wireshark. When an attacker monitors traffic of this choke point, and when he sniffs the packets, he can easily see all the relevant info via a network monitoring tool like wireshark.
Now all of this data is bound to exit from a choke point in a network. These protocols send data from one end to the other without applying any type of encryption or other methods to hide data in a simple plain text. Generally in a vulnerable web app, the protocol use is a simple HTTP (not HTTPS) or an HTTPS GET method. Img src : How can we capture credentials and other INFO? This third party can even modify or alter the messages which leads to loss in information confidentiality. MITM or Man In The Middle attack is an attack in which when a sender A sends a packet to receiver B, there is an unwanted, untrusted third party C in the middle who receives all the packets and can monitor them. This makes it a very helpful tool for network analyzers to work with and administrate the traffic in a network. It shows in a great depth, the protocols used, which layer does the packet belong to, the data in hex and bit stream format, flag values, and every little detail about a single packet. It can capture live ongoing traffic on a network packet by packet with all its info retained to analyze it later. Also identifying the OS used on the target host. As an ethical hacker, we will use Wireshark to sniff network traffic, annualize the packets and try to identify credentials of your system and web application account. This traffic obtained by the attacker might contain sensitive information such as login credentials, which can be used to perform malicious activities such as user-session impersonation. However, an attacker can use the tools such as Wireshark and sniff the traffic flowing between the client and the server. Network administrators can use sniffers to troubleshoot network problems, examine security problems and debug protocol implementations. Data traversing an HTTP channel is prone to MITM attacks, as it flows in plain-text format.
0 kommentar(er)
