Use Wireshark to get a user's login information from HTTP packets
Source: Internet
Author: User
The following text is just a record of a small experiment I did; there is no code and there are no procedures, so if that is of no interest to you, please skip it.
In "Using Tcpmon to verify the security of Web Applications", it was said that HTTP is basically plaintext: if a sniffer is used to capture HTTP packets, a great deal of private information can be intercepted. The following records this process.
The sniffer mentioned below is Wireshark, an excellent free tool that you can get from the Wireshark official website.
The site covered below is the Tianya user login page (http://passport.tianya.cn/login.jsp); the experiment uses the registered username test_user2010 and its password t123456.
First of all, we need to know two things: the IP address of this computer, and the IP address of the machine that receives the HTTP request sent when the login button on the login page is clicked. The former can be found with ipconfig; for the latter, open the web page source to get the URL of the responding server, and then ping it to obtain its IP address. Please refer to the following figures:
Open the page source to get the response server URL:
Then ping to get its IP address:
From this, we know that when we enter the username and password on the login page, the local machine 192.168.104.173 will contact 221.11.172.202.
In the second step, we open Wireshark and let it start capturing network packets, then click the login button and stop capturing after the login succeeds.
In the third step, we find the desired data in the Wireshark capture results. To narrow the range, we can enter ip.src==192.168.104.173 && http in the filter, which means that the source IP is the local IP and the protocol used is HTTP. The following results are found:
In the Info column, the row that reads POST /login HTTP/1.1 (application ...) is the HTTP request sent after clicking the login button; it is in the blue box in the figure above.
Click on this row, and the detail pane that opens exposes the username and password we entered, shown in the red box in the figure above.
Well, the experiment ends here. It shows that the HTTP-based web world is not secure: a username and password are not enough to protect your private information, so many sites still need to strengthen their security, and you should also try not to put private information online.
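As an added example (not part of the original article), the Python sketch below parses a captured login request the way the Wireshark detail pane does and reports which form fields carry secrets over plaintext HTTP, recording only field names and value lengths. The sample request is constructed: the account is the test one used above, while the form field names and the Host value are hypothetical.

```python
from urllib.parse import parse_qsl

# Field-name hints for secrets; an assumption, extend for the application under audit.
SENSITIVE_HINTS = ("pass", "pwd", "secret", "token")

def parse_http_request(raw: bytes):
    """Split raw HTTP/1.x request bytes into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Honour Content-Length so a following pipelined request is not read as body.
    length = int(headers.get("content-length", len(body)))
    return method, path, headers, body[:length]

def cleartext_credential_fields(raw: bytes):
    """Return secret-looking form fields found in a plaintext HTTP POST.

    Only field names and value lengths are returned, so the report does not
    itself become another copy of the password.
    """
    method, path, headers, body = parse_http_request(raw)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if method != "POST" or ctype != "application/x-www-form-urlencoded":
        return []
    findings = []
    for name, value in parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True):
        if any(hint in name.lower() for hint in SENSITIVE_HINTS):
            findings.append({"path": path, "host": headers.get("host", ""),
                             "field": name, "value_len": len(value)})
    return findings

# Constructed sample request; field names and Host are hypothetical.
SAMPLE = (b"POST /login HTTP/1.1\r\n"
          b"Host: login.example.test\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 39\r\n"
          b"\r\n"
          b"username=test_user2010&password=t123456")

if __name__ == "__main__":
    for finding in cleartext_credential_fields(SAMPLE):
        print(finding)
```

Run against requests captured in a test environment, this lists the login forms that still submit credentials without HTTPS.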