Scribd
Upload
151 views5 pages

Experiment 4 - CSW

The document outlines an experiment on password sniffing using Wireshark to capture and analyze network packets containing plaintext passwords. It details the steps to simulate the vulnerability of password transmission, including capturing HTTP packets and filtering for GET and POST methods to find submitted form data. The experiment emphasizes the importance of encryption to protect sensitive information during transmission.

Uploaded by

harshvardhanmishra31
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
151 views5 pages

Experiment 4 - CSW

The document outlines an experiment on password sniffing using Wireshark to capture and analyze network packets containing plaintext passwords. It details the steps to simulate the vulnerability of password transmission, including capturing HTTP packets and filtering for GET and POST methods to find submitted form data. The experiment emphasizes the importance of encryption to protect sensitive information during transmission.

Uploaded by

harshvardhanmishra31
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Experiment No:4

Aim:Password Sniffing: Simulate a scenario where a password is transmitted


in plaintext. Use Wireshark to capture and analyze the packets to demonstrate
the vulnerability and the importance of encryption.
Solution:
Password Sniffing:-Password sniffing is a type of network attack in which an attacker
intercepts data packets that include passwords. The attacker then uses a password-cracking
program to obtain the actual passwords from the intercepted data.Password sniffing can be
used to obtain passwords for any type of account, including email, social media, and
financial accounts.

Step 1:First of all, open your Wireshark tool in your window or in Linux virtual
machine. and start capturing the network. suppose you are capturing your
wireless fidelity.

Step:2 After starting the packet capturing we will go to the website and login
the credential on that website as you can see in the image.
Step-3: Now after completing the login credential we will go and capture the
password in Wireshark. for that we have to use some filter that helps to find
the login credential through the packet capturing.

Step 4: Wireshark has captured some packets but we specifically looking for
HTTP packets. so in the display filter bar we use some command to find all
the captured HTTP packets. as you can see in the below image the green bar
where we apply the filter.
Step 5: So there are some HTTP packets are captured but we specifically
looking for form data that the user submitted to the website. for that, we have
a separate filter .
As we know that there are main two methods used for submitting form data
from web pages like login forms to the server. the methods are-
● GET

● POST

Step 6: So firstly for knowing the credential we use the first method and
apply the filter for the GET methods as you can see below.
As you can see in the image there are two packets where the login page was
requested with a GET request as well, but there is no form data submitted
with a GET request.

Step 7: Now after checking the GET method if we didn’t find the form data,
then we will try the POST method for that we will apply the filter on
Wireshark as you can see.
As you can see we have a packet with form data click on the packet with user
info and the application URL encoded. and click on the down-

HTML form URL Encoded where the login credential is found. login credential
as it is the same that we filed on the website in step 2.

You might also like