Many beginner-friendly sites or older web applications still use HTTP, which transmits data without encryption.
When a user logs in to an HTTP site, their username and password are sent in clear text, meaning anyone sniffing the network can read them. In this short article, I will demonstrate how usernames and passwords can be captured on a network.
First, ensure that you have tshark installed on your Linux system by running the command “apt install tshark”. Then open your terminal and type the following command:
tshark -i eth0 -Y "http.request.method == POST" -T fields -e http.host -e http.request.uri -e http.file_dataOutput:
This command listens to your network traffic (eth0) and filters for HTTP POST requests, which are often used when someone logs into a website or submits a form.
Now, I will open Firefox browser and try to log in to an HTTP website (http://testaspnet.vulnweb.com/login.aspx). I will type…