CN Project
Project Report
on
EXTRACTION OF VULNERABLE DATA AND IMAGE
(EC6CO3: Communication Network)
Submitted by:
VI Semester B.E
2022-23
PACKET SNIFFING
Packet sniffing, also known as network sniffing or protocol analysis, is a technique used in
computer networks to capture and analyze network traffic. It involves intercepting and
examining the data packets flowing over a network to gain insights into the network
communication and extract information from the packets.
When devices communicate over a network, they exchange data in the form of packets. These
packets contain the actual data being transmitted, as well as header information that contains
details about the source and destination addresses, protocols used, and other metadata. Packet
sniffing allows network administrators or security analysts to inspect these packets in real-time
or capture them for later analysis.
Packet sniffers are software or hardware tools that enable packet capture and analysis. They can
be deployed at different points in a network, such as on a router, switch, or directly on a
computer connected to the network. The sniffer tool captures all the packets passing through the
network interface it is monitoring and presents the captured data for analysis.
NETWORK TRAFFIC
In computer networks, network traffic refers to the data that flows between devices connected to
a network. It represents the communication and information exchange happening within the
network or between different networks.
Monitoring and analyzing network traffic is crucial for network administrators and security
professionals to ensure optimal network performance, identify and troubleshoot issues, detect
anomalies or malicious activities, and implement appropriate security measures. Network traffic
analysis tools and techniques, such as packet sniffing (as discussed earlier), can provide insights
into network behavior, performance, and potential security risks.
WIRESHARK TOOL
Wireshark is a widely used and powerful network protocol analyzer tool. It is open-source
software that allows network administrators, security professionals, and developers to capture,
analyze, and inspect network traffic in real-time. Wireshark supports various platforms, including
Windows, macOS, and Linux. Wireshark can capture network packets from different network
interfaces or read packet capture files from various formats. It supports capturing packets from
Ethernet, Wi-Fi, Bluetooth, USB, and other network interfaces. Wireshark supports a vast range
of network protocols, making it capable of analyzing traffic from multiple layers of the network
stack. It can dissect and interpret protocols at the physical layer (e.g., Ethernet), network layer
(e.g., IP, ICMP), transport layer (e.g., TCP, UDP), and application layer (e.g., HTTP, DNS).
Wireshark provides real-time packet analysis, allowing users to monitor network traffic as it
happens. It presents captured packets in a user-friendly interface, with detailed information about
each packet, including protocol headers, source and destination addresses, timestamps, and
payload data.
Wireshark offers powerful filtering and search capabilities to focus on specific packets or
protocols of interest. Users can create complex filters based on various criteria, such as source or
destination IP addresses, port numbers, protocol types, or specific packet fields. This helps in
narrowing down the captured packets and finding specific information quickly. Wireshark can
decode and display the contents of each packet in a human-readable format. It provides
comprehensive information about each protocol field, allowing users to analyze and understand
the structure and content of network packets.
It's important to note that Wireshark should be used responsibly and in compliance with legal and
ethical guidelines. Capturing and analyzing network traffic may involve privacy concerns and
legal considerations, so it is essential to obtain proper authorization and use the tool for
legitimate purposes.
Wireshark has a large and active community of users and developers who contribute to its
ongoing development, support, and maintenance. Extensive documentation, tutorials, and user
forums are available to help users learn and make the most of the tool's capabilities.
TSHARK TOOL
Tshark is a command-line network protocol analyzer tool that is part of the Wireshark suite. It
provides similar functionality to Wireshark but operates entirely from the command line, making
it suitable for automated tasks, scripting, and remote network analysis. Tshark uses the same
packet analysis engine as Wireshark, allowing users to dissect and inspect network packets in
detail. Tshark has the same features and capabilities as Wireshark.
Tshark, being a command-line tool, does not have a graphical user interface like Wireshark. It is
designed for users comfortable with the command line and who require the flexibility and
automation capabilities offered by a command-line interface.
Overall, Tshark is a versatile and powerful tool for network analysis, enabling users to perform
detailed analysis, automation, and scripting tasks from the command line. Its integration with the
Wireshark suite provides a comprehensive network analysis solution for various use cases.
The username given here is [email protected] and the password given is Password2010.
These details help us to log in to the website, which takes us to another page.
This code leads us to a page which says Login Successfull and it contains an image.
PROCEDURES TO EXTRACT USERNAME AND PASSWORD
Open Wireshark on your computer and select Wi-Fi; it starts to capture all the types of packets
visible to it.
Run the program index.html which asks the username and password to login to the page.
Provide the essential username and password in order to log in to the page, username
([email protected]) and password (Password2010).
In Wireshark, stop capturing the data and filter only the HTTP packets.
Then search for http.request.method=="POST" in Wireshark, which shows the HTTP
packet index.php that has the given data and password.
Select the index.php packet and select the Hypertext Transfer Protocol which
contains/displays the username and password.
The output has been pasted above.
PROCEDURES TO EXTRACT IMAGE
Double-click the "Wireshark" icon on your computer.
Click the "Edit" menu on the top navigation bar and select "Preferences." Alternatively, press the
"Shift," "Ctrl" and "P" keys simultaneously on your keyboard.
Click the "+" icon next to the "Protocols" option in the new window's left sidebar. Go to "TCP" in
the expanded protocol list. You have to scroll down quite a bit, as the list is extensive.
Check the box for the "Allow sub dissector to reassemble TCP streams" option. It should be
enabled now.
Go back to the protocol list in the left sidebar and click the "HTTP" protocol option to pull it up.
Check the boxes for “Reassemble HTTP headers spanning multiple TCP segments” and
“Reassemble HTTP bodies spanning multiple TCP segments.” Click the “Apply” button to save
your changes, then click “OK” to exit the preferences screen.
Click the “Capture” menu from the top bar and select “Start.” Alternatively, hit the “Ctrl” and “E”
keys to begin capturing data over the network. Allow the program to capture enough data, then
stop the capture process.
Go to the capture menu below and search for a packet in the list that is marked “HTTP/1.1 200
OK (JPEG JPG)” in the “Info” column. Click that packet line.
Find the “JPEG File Interchange Format” text in the panel below, right-click it, and select "Export
Selected Packet Bytes." Save the content to a file on your computer.
This is the output that we obtained finally.
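One way to turn exported bytes back into an image file, as an added example that is not part of the original report: it assumes the export holds either the bare image or the whole reassembled HTTP response, strips the headers, undoes chunked encoding, and checks the JPEG start and end markers. The function names and the sample bytes are constructed for illustration.

```python
JPEG_SOI = b"\xff\xd8"  # start-of-image marker
JPEG_EOI = b"\xff\xd9"  # end-of-image marker

# Constructed sample: JPEG skeleton (SOI, JFIF APP0 header, EOI), not a viewable picture.
SAMPLE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00"
               b"\x00\x01\x00\x01\x00\x00\xff\xd9")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
                   b"Content-Length: 22\r\n\r\n" + SAMPLE_JPEG)


def dechunk(body: bytes) -> bytes:
    """Decode an HTTP/1.1 'Transfer-Encoding: chunked' body."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            return out
        start = eol + 2
        out += body[start:start + size]
        pos = start + size + 2  # skip the CRLF that ends each chunk


def extract_jpeg(raw: bytes) -> bytes:
    """Return the JPEG payload of an exported byte blob, or raise ValueError."""
    if raw.startswith(JPEG_SOI):       # export already holds only the image
        body = raw
    else:                              # export still carries the HTTP headers
        head, sep, body = raw.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("no HTTP header/body separator found")
        headers = {}
        for line in head.decode("iso-8859-1").split("\r\n")[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        if "chunked" in headers.get("transfer-encoding", "").lower():
            body = dechunk(body)
        elif "content-length" in headers:
            body = body[:int(headers["content-length"])]
    if not (body.startswith(JPEG_SOI) and body.endswith(JPEG_EOI)):
        raise ValueError("not a complete JPEG: SOI/EOI marker missing")
    return body


if __name__ == "__main__":
    print(len(extract_jpeg(SAMPLE_RESPONSE)), "bytes of JPEG data recovered")
```

A ValueError on a real export usually means the capture stopped before the whole response arrived, so the bytes cannot form a complete image.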
CONCLUSION
The project was implemented successfully and we could extract the username and password
from the vulnerable website using the Wireshark tool.
While extracting the image from that vulnerable website we could only extract and save the raw
materials using Wireshark.
We still need to work on how to convert the raw materials into the jpeg/jpg form.