Use Wireshark to get user's login information from HTTP packets __ Network
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞
The following text is just a record of a small experiment I do, no code and procedures, no interest, please retreat.
In "Using Tcpmon to verify the security of Web Applications", it is said that HTTP is basically plaintext, if the use of sniffer to obtain HTTP packets, very much private information has been intercepted, the following will record this process.
The sniffer mentioned below is Wireshark, which is an excellent freeware software that you can get from the Wireshark official website.
The site covered below is Tianya User login page (http://passport.tianya.cn/login.jsp), the following experiment to use the registered username test_user2010 and its password t123456.
First of all, we need to know the IP address of this computer and click on the login page of the login button to send him the HTTP request of the machine's IP address, the former can be known with ipconfig, the latter words need to open the Web page source to get the response server URL, and then ping to obtain its IP address Please refer to the following figure:
Open the page source to get the response server URL:
Then ping to get its IP address:
Here, we know that when we enter the user name and password on the login page, the native 192.168.104.173 will contact 184.108.40.206.
The second step, we open the Wireshark, let it start listening to network packets, when we click on the login button and login to stop listening after the success.
In the third step, we can find the desired data from the Wireshark listening results, in order to reduce the range, we can enter ip.src==192.168.104.173 && http in the filter, which indicates that the IP source is native IP, The protocol used is HTTP, and the following results are found:
In the infor column, write a post/login http/1.1 (application ...). A row is the HTTP request that comes after clicking on the login button, which is in the blue box above.
Click on this line, the pop-up interface has already put our input username and password are exposed, the above image in a red box.
Well, the experiment is done here, it means the HTTP based Web world is not secure, the username and password is not enough to protect your private information, so many sites also need to strengthen security, you also try not to put privacy information online.
Finally, thank you for reading this article.
Attached: Screenshot of December 24, 2010
This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or
reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or
complaint, to firstname.lastname@example.org. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
and provide relevant evidence. A staff member will contact you within 5 working days.