Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark

kali linux-wireshark-hack-website-login- picateshackz.com

Whenever you login into a website that requires a username and password, your information is sent to the site to verify your credentials.

This is nothing new and happens constantly whether its Facebook or Gmail.

Ever wonder how hackers capture these passwords?

It is done by using tools such as Wireshark which is built into Pen testing operating systems such as Kali Linux.

As most people know browsers use HTTP to do a request and response that are sent over the internet.

What many don’t realize is HTTP is not encrypted and data is sent in the clear.

This has been updated to use a secure form of HTTP called HTTPS, but the fact is that unless a site is a bank or other secure site most don’t use HTTPS.

To make matters worse a clever MitM (Man-in-the-Middle) attack can fool HTTPS if done cleverly.

A clever MitM attack with tools such as Ettercap will take all the information from a target computer and funnel it through their machine. When a HTTPS request is sent to a secure site the machine in the middle strips the HTTPS request and sends a HTTP request which will send a password back to the attacker in the clear.

The victim is never the wiser since the data they requested is still sent to them.

To combat this most secure sites now do not send HTTP request at all and only allow HTTPS.

But what about the majority of sites that do send simple HTTP request?

Sites that still use HTTP are venerable to tools such as Wireshark and usernames and passwords can be displayed.

Before Wireshark can be run on a victim they must be on the same network. To test this on your own network will be easy since you already belong to it.

Steps to using Wireshark and Kali Linux.

1…

Start Kali Linux and go to Application–>Sniffing spoofing–>Network Sniffers–>wireshark

kali linux-wireshark-hack-website-login- picateshackz.com

2…

After Wireshark starts click on interface and choose the interface you want to use such as Ethernet or wireless.

kali linux-wireshark-hack-website-login- picateshackz.com

3…

Wireshark will begin to show all the data that it being transmitted on the network.

kali linux-wireshark-hack-website-login- picateshackz.com

4…

To narrow down the information you are looking for with out all the clutter filters can be used.

For example to narrow down a specific IP Address the following is typed into the filter bar.

ip addr ==(target IP address)
example (ip addr ==192.168.0.1)

kali linux-wireshark-hack-website-login- picateshackz.com

Summary

If your a system administrator than Wireshark can be helpful in many ways in analyzing traffic. If you are a webmaster than knowing how venerable HTTP is something that must be considered. Using tools such as Wireshark will give you insight into how a potential attack will be done and give you insight intosecuring your network.

Sharing is caring!

2 thoughts on “Kali Linux Tutorial: Hack a Website login Page Password Using Wireshark

  1. Good article but a bit dated. Anyone reading this should be aware most sites use https now, not just banks. That means most captures are no longer going to see many plain text logins. If your looking to get into a site using someone else's credentials, I'd suggest learning about session cookie hijacking. I'm pointing this out to any readers out there. I'm sure the author already knows about this.
    This is still a good article because you can see how you useful Wireshark is for capturing network traffic. Even if there aren't many plain text logins to grab these days, there are still a few. Most people don't use SSL with their email servers for example.

  2. Thanks flyin eye. But doesn't wireshark only capture traffic sent and received to and from the device you're using? So in order to capture someone's else's traffic you would need to either capture from directly from a router or set up a MITM attack between the victim and you? The article does mention MITM attacks but not how to do it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Begin typing your search above and press enter to search. Press ESC to cancel.

Back To Top

So glad to see you sticking around!

Want to be the first one to receive the new stuff?

Enter your email address below and we'll send you the goodies straight to your inbox.

Thank You For Subscribing

This means the world to us!

Spamming is not included! Pinky promise.