How to Sniff Credentials using Wireshark?

In this tutorial, I’ll demonstrate credential sniffing using Wireshark.

Before we dive in, I recommend reading my previous post about Wireshark at the link below:

Link: https://saraswatirepository.com/wireshark/what-is-wireshark-and-basics-of-wireshark/

In order to perform sniffing, Wireshark must be installed on your system.

We’ll log into the admin console of my demo website, http://demo.saraswatirepository.com/admin, and in parallel run Wireshark to capture the packets sent from our system to demo.saraswatirepository.com.

Let’s begin.

1. HTTP Traffic Sniffing

i. Start a Wireshark packet capture.

ii. Open a browser and log in to http://demo.saraswatirepository.com/admin (you can log in to any website that uses plain HTTP).

iii. After logging in, stop the Wireshark packet capture, enter “http.request.method==POST” in the Wireshark filter bar and press Enter, as shown in the image below.

iv. Right-click the HTTP POST packet –> Follow –> TCP Stream.

v. After following the stream, you can see the username and password in clear text, as shown in the image below.

Hence, the credentials were obtained by sniffing with Wireshark.

I’ll also demonstrate credential sniffing over TELNET.

2. TELNET Traffic Sniffing

i. Start a Wireshark packet capture.

ii. Initiate a TELNET connection to any device from the system on which you are capturing packets.

iii. After the connection succeeds, stop the Wireshark capture and filter the packets by entering “telnet” in the filter bar, as shown in the image below.

iv. Right-click any of the TELNET packets –> Follow –> TCP Stream.

v. The username and password are visible in clear text, as shown in the image below.

Hence, the TELNET credentials were sniffed successfully.

As you have seen, protocols such as HTTP, TELNET, SMTP, IMAP, POP3 and FTP are insecure because they send and receive data in clear text, so anyone able to capture the traffic on the path can read it. These protocols are vulnerable to Man-in-the-Middle (MITM) attacks.

Recommendation

It is advisable to use secure protocols such as HTTPS, SSH, SMTPS, IMAPS, POP3S and SFTP in order to prevent or mitigate Man-in-the-Middle (MITM) attacks. These protocols encrypt the session with TLS or SSH, so following the TCP stream in Wireshark shows only ciphertext rather than the login.
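To turn the two walkthroughs above and this recommendation into a repeatable check, here is an added example (my own code, not part of the original post) that audits a set of captured client-to-server segments for the cleartext protocols named on this page. The `Packet` structure, the sample segments and the port tables are constructed for the example; the script classifies each flow by destination port, flags segments whose protocol framing indicates a login exchange (the HTTP POST condition mirrors the page's `http.request.method==POST` filter), and names the secure replacement from the recommendation. It inspects only the protocol framing and never extracts the credential values themselves.

```python
from dataclasses import dataclass

# Well-known ports for the cleartext protocols discussed on the page,
# and for the encrypted alternatives it recommends (constructed tables).
CLEARTEXT_PORTS = {80: "HTTP", 23: "TELNET", 21: "FTP", 25: "SMTP", 110: "POP3", 143: "IMAP"}
ENCRYPTED_PORTS = {443: "HTTPS", 22: "SSH", 465: "SMTPS", 993: "IMAPS", 995: "POP3S"}
SAFE_ALTERNATIVE = {"HTTP": "HTTPS", "TELNET": "SSH", "FTP": "SFTP",
                    "SMTP": "SMTPS", "POP3": "POP3S", "IMAP": "IMAPS"}


@dataclass
class Packet:
    """Minimal view of one client-to-server TCP segment (hypothetical structure,
    what you would read off the Wireshark packet list and TCP stream)."""
    src: str
    dst: str
    dport: int
    payload: bytes


def protocol_name(pkt):
    """Name the application protocol from the destination port."""
    return CLEARTEXT_PORTS.get(pkt.dport) or ENCRYPTED_PORTS.get(pkt.dport) or f"tcp/{pkt.dport}"


def is_cleartext(pkt):
    """True when the segment belongs to a protocol that carries data unencrypted."""
    return pkt.dport in CLEARTEXT_PORTS


def carries_credentials(pkt):
    """Heuristic: does this cleartext segment look like a login exchange?
    Only the protocol framing is checked; credential values are not parsed."""
    proto = CLEARTEXT_PORTS.get(pkt.dport)
    data = pkt.payload
    upper = data.upper()
    if proto == "HTTP":
        # Same condition as the page's Wireshark filter, narrowed to form submissions.
        return data.startswith(b"POST ") and b"application/x-www-form-urlencoded" in data
    if proto == "TELNET":
        # Telnet has no login framing at the protocol level; treat every
        # interactive session as a potential password exposure.
        return True
    if proto in ("FTP", "POP3"):
        return upper.startswith(b"PASS ")   # FTP/POP3 send the password as PASS <value>
    if proto == "SMTP":
        return upper.startswith(b"AUTH ")   # SMTP AUTH PLAIN / LOGIN
    if proto == "IMAP":
        return b" LOGIN " in upper          # e.g. "a001 LOGIN user pass"
    return False


def audit(packets):
    """Return one finding per cleartext segment, with the recommended replacement."""
    findings = []
    for pkt in packets:
        if not is_cleartext(pkt):
            continue
        proto = protocol_name(pkt)
        findings.append({
            "flow": f"{pkt.src} -> {pkt.dst}:{pkt.dport}",
            "protocol": proto,
            "credentials_exposed": carries_credentials(pkt),
            "use_instead": SAFE_ALTERNATIVE[proto],
        })
    return findings


# Constructed sample segments; addresses and values are placeholders, not real captures.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "203.0.113.10", 80,
           b"POST /admin HTTP/1.1\r\nHost: demo.example\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
           b"username=demo&password=PLACEHOLDER"),
    Packet("10.0.0.5", "192.0.2.20", 23, b"admin\r\n"),
    Packet("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc8\x01"),  # TLS ClientHello start
    Packet("10.0.0.5", "192.0.2.30", 21, b"PASS PLACEHOLDER\r\n"),
    Packet("10.0.0.5", "192.0.2.20", 22, b"SSH-2.0-OpenSSH_9.0\r\n"),
    Packet("10.0.0.5", "203.0.113.10", 80, b"GET /index.html HTTP/1.1\r\nHost: demo.example\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKETS):
        flag = "CREDENTIALS IN CLEAR" if finding["credentials_exposed"] else "cleartext"
        print(f'{finding["flow"]:28} {finding["protocol"]:7} {flag:22} -> use {finding["use_instead"]}')
```

Running the script reports the HTTP POST, TELNET and FTP PASS segments as credential exposures, the HTTP GET as cleartext without a login, and is silent on the HTTPS and SSH flows, which is exactly the split between the protocols sniffed in sections 1 and 2 and the ones recommended here.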