http login page and tcpdump..
Results 1 to 3 of 3

Thread: http login page and tcpdump..

Hybrid View

  1. #1
    Member
    Join Date
    Oct 2006
    Posts
    63

    http login page and tcpdump..

    I've been playing with tcpdump that is installed on my firewall, and I wanted to capture the username and password during the login session on a webpage, but after going through the packets in the capture I don't seen to find it... what should I be looking for and "http GET=" or something different?... or maybe that some pages the authentication process happens on the server side, and that's the reason why I'm not capturing username, and password.... any clarification appreciated

    thanks

  2. #2
    Member
    Join Date
    Oct 2006
    Posts
    63
    I think is b/c for a brief moment the page goes into https mode although it quickly changes back to http, and traffic goes back to be unencrypted, but I've tried at least 4 or 5 email web services and almost all of them for atleast authentication are using SSL for the sign in process.... I would like to hear ppl opinions

    thanks

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    I'm pretty sure you'll find that most sites try to switch to HTTPS for login information, so that people sniffing on the wire aren't capturing usernames and passwords. Think about it... would you log into a side that was plain text auth?

    That being said, some websites are still plain text submission (unfortunately), however there are specialized tools so that you don't have to scour programs like tcpdump for the information... dsniff and ettercap both have password capturing tools. You may also be interested in the concept of Sidejacking. The guys from ErrataSec released a tool for SideJacking at BlackHat last year.

    That being said, if you're looking to play and do, as you said, own the firewall... which would be inline to your network traffic, there's no reason why you couldn't play with your firewall to do some easy MitM of your SSL traffic.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Similar Threads

  1. The history of the Mac line of Operating systems
    By gore in forum Operating Systems
    Replies: 3
    Last Post: March 7th, 2004, 07:02 AM
  2. A look into IDS/Snort Whole thing by QoD
    By qod in forum The Security Tutorials Forum
    Replies: 6
    Last Post: February 27th, 2004, 02:03 AM
  3. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 07:01 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides