Wireshark Tutorial | Stealing Password And Cookie

As told earlier sniffers are widely used for stealing passwords and cookies so as a last part to wireshark tutorial I ‘ll roughly cover how you can do this. For this demonstration you’ll need Mozilla Firefox web browser and Add-N-Edit Cookie add-on. After installing Firefox you can download add-on from following links. Once installed restart your browser, you can access this add-on from tools menu.
Now first of all I ‘ll clear how you can steal passwords. Suppose you want to steal password of victim who has account on some http://www.abcxyz.com website then first of all open website on your own browser and view source code. If the site does not uses embedded java script for log-in then and only then you can capture password in plain text format. If URL of site contains https instead of http then all credentials will be encrypted before transmission and you’ll not get any credentials. So if above conditions are met then start capturing packets.
Now click on Edit and select Find Packets, from find window select,
Find by: String
Search in: Packet details
and in string section value specified for password box. Since the action will be post while sending credentials, select a packet with POST in it. See packet details and you’ll get user-name and password.
Now if the website uses embedded Java script or https you will not get password, in such cases find packets with word cookie. Copy all details about cookies in it, now open your Mozilla Firefox click on Tools and open Cookie Editor, select Add New and input all cookie details and you are done, you’ll not need any password just log-in by typing website URL.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s