March 27th, 2008 09:13 AM
http login page and tcpdump..
I've been playing with tcpdump that is installed on my firewall, and I wanted to capture the username and password during the login session on a webpage, but after going through the packets in the capture I don't seen to find it... what should I be looking for and "http GET=" or something different?... or maybe that some pages the authentication process happens on the server side, and that's the reason why I'm not capturing username, and password.... any clarification appreciated
March 27th, 2008 09:21 AM
I think is b/c for a brief moment the page goes into https mode although it quickly changes back to http, and traffic goes back to be unencrypted, but I've tried at least 4 or 5 email web services and almost all of them for atleast authentication are using SSL for the sign in process.... I would like to hear ppl opinions
March 27th, 2008 12:16 PM
I'm pretty sure you'll find that most sites try to switch to HTTPS for login information, so that people sniffing on the wire aren't capturing usernames and passwords. Think about it... would you log into a side that was plain text auth?
That being said, some websites are still plain text submission (unfortunately), however there are specialized tools so that you don't have to scour programs like tcpdump for the information... dsniff and ettercap both have password capturing tools. You may also be interested in the concept of Sidejacking. The guys from ErrataSec released a tool for SideJacking at BlackHat last year.
That being said, if you're looking to play and do, as you said, own the firewall... which would be inline to your network traffic, there's no reason why you couldn't play with your firewall to do some easy MitM of your SSL traffic.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
By gore in forum Operating Systems
Last Post: March 7th, 2004, 07:02 AM
By qod in forum The Security Tutorials Forum
Last Post: February 27th, 2004, 02:03 AM
By gore in forum Newbie Security Questions
Last Post: December 29th, 2003, 07:01 AM