Detecting mailbox security problems with packet capture

Source: Internet
Author: User

This morning I used the Wireshark packet capture tool, the Foxmail client, and a web browser to test the security of mailbox login. The test covered three environments:

1. HTTP Login

After capturing packets with Wireshark, I found that during HTTP login the user name and password are submitted in plain text, so anyone capturing the traffic can easily read them. After a successful login the server generates a random session ID (SID). From that point on, a user on any machine only needs to supply that SID as a request parameter to enter the system; no user name or password is required. For example, after logging on from my Windows server I captured a packet and obtained the SID, then logged on from a Linux server using the curl tool.

The command is as follows:

curl "mail.cstnet.cn/coremail/xps/index.jsp?SID=baqbkbqqkeeywnfqsoqqidzceqsnzuor&nodetect=true"

The Linux server can then perform mail operations without the user name or password ever being entered. This is a real security problem: if the SID is intercepted by an attacker on the network, the same session works just as well for them.
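As an added example (not part of the original post), the following Python script applies the observation above as a detection rule: given a plaintext HTTP request as a passive capture would see it, it flags credentials in a login POST and a session id carried in the URL or Cookie header. The sample requests, the host name, and the field names uid/password/sid are constructed assumptions, not values taken from the mail system.

```python
"""Flag HTTP requests that carry mailbox credentials or a session id in the clear."""
from urllib.parse import parse_qs, urlsplit

CRED_FIELDS = {"uid", "user", "username", "password", "pass"}  # assumed form fields
SESSION_KEYS = {"sid", "jsessionid"}                           # assumed token names

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def findings(raw, tls):
    """Return a list of issues for one request; `tls` says whether it rode over HTTPS."""
    method, target, headers, body = parse_request(raw)
    if tls:
        return []  # payload is not visible to a passive capture
    issues = []
    query = parse_qs(urlsplit(target).query)
    form = parse_qs(body) if method == "POST" else {}
    if CRED_FIELDS & {k.lower() for k in form}:
        issues.append("credentials in plaintext POST body")
    if SESSION_KEYS & {k.lower() for k in query}:
        issues.append("session id in plaintext URL")
    cookie_names = {c.split("=", 1)[0].strip().lower()
                    for c in headers.get("cookie", "").split(";") if c.strip()}
    if SESSION_KEYS & cookie_names:
        issues.append("session id in plaintext Cookie header")
    return issues

# Constructed sample traffic: a login form post, then a request replaying the issued SID.
LOGIN = ("POST /coremail/index.jsp HTTP/1.1\r\nHost: mail.example.test\r\n"
         "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         "uid=alice&password=hunter2")
REPLAY = ("GET /coremail/xps/index.jsp?sid=EXAMPLESID0001&nodetect=true HTTP/1.1\r\n"
          "Host: mail.example.test\r\nCookie: sid=EXAMPLESID0001\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("login", LOGIN), ("replay", REPLAY)):
        print(name, "over http:", findings(req, tls=False) or "clean")
        print(name, "over https:", findings(req, tls=True) or "clean")
```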

2. HTTPS Login

This problem does not occur, however, when HTTPS is used to log on to the mailbox. The whole session is encrypted and nothing can be obtained from the captured packets (at least I have not managed to), which completely solves the mailbox login security problem.

3. Foxmail Login

As with HTTPS, the user name and password cannot be obtained when Foxmail's encrypted (secure) login mode is used.

Conclusion: based on the above analysis, for mailbox security we recommend logging on via HTTPS, or selecting the Secure Login method in Foxmail, to protect important information; plain HTTP mail login is still not secure.
