Wireshark Basics 08-26-2013, 12:10 PM
#1
Hello HC, this is my little introduction to Wireshark. This tutorial will cover capturing cookies and passwords, but there are a lot of other uses; I may cover some of them in other tutorials. So let's begin. I'll assume you know how to install software, so this won't be covered here. You can get Wireshark from wireshark.org.
First you need to start Wireshark and set the network adapter you are using. On Linux systems you will need to start Wireshark with superuser permissions.
In my case I will be using wlp4s0, but your interface will most likely be different. Click the green shark fin above to start capturing.
I will be using http://httprecipes.com/ for the purposes of this demonstration to keep my actual details safe.
As you can see in the image, I have set a cookie with the value "chocolate_chip". Now, back in Wireshark, we can filter our results to find what we are looking for easily. Head over to the filter bar and enter "http" (without quotes) to show only HTTP traffic, then scroll down until you find a "POST" heading. Expand the "Hypertext Transfer Protocol" tab and the "POST" tab if they are not already expanded, and as you scroll down you will see
Code:
Cookie: test-cookie=chocolate_chip\r\n
I have highlighted the aforementioned sections in the next image to make them easier to spot.
And that's it, you have captured the cookie of your victim. You can now use something like Greasemonkey for Firefox to inject this into your browser and hijack the session of the victim.
Passwords work in much the same way. Again I will use httprecipes to keep my details safe, and use their login form to capture the password as it is sent to the server.
Back in Wireshark we set the filter to http again and look for another "POST" heading. This time head down to the bottom and expand "Line-based text data: "; there you will find
Code:
uid=username&pwd=password
Again, I have highlighted this in the image so you can see it more clearly.
And that's all there is to it. As for how to protect yourself: use a strong password for your router with WPA2 encryption, turn off WPS, and for extra security use a VPN or Tor, which encrypt your packets as they leave your computer, making this type of attack useless.
If you need help, feel free to PM me.
Probitcoin
Freebitcoin
BTC clicks
bitcoin wallet:
1FBPAanbs3rJU9BUpobpDJc9hHUaCaC25N
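To check a request from your own traffic for the exposure described in the post, the sketch below parses one plain-HTTP request and reports which cookies and credential fields crossed the wire unencrypted, with the values redacted. It is an added example, not part of the original post; the `audit_request` function, the `SENSITIVE` field list and the sample request (host and path included) are assumptions constructed around the two values the post shows.

```python
from urllib.parse import parse_qsl

# Field names treated as credentials (assumed list; extend for your own apps).
SENSITIVE = {"pwd", "password", "pass", "passwd", "token"}

def audit_request(raw: bytes) -> list[str]:
    """Return findings for one cleartext HTTP request, with values redacted."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    # Every cookie in a plain-HTTP request is readable on the wire.
    for pair in headers.get("cookie", "").split(";"):
        name = pair.partition("=")[0].strip()
        if name:
            findings.append(f"cookie '{name}' sent in cleartext")
    # Form bodies are what Wireshark shows under "Line-based text data".
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        for key, _ in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
            if key.lower() in SENSITIVE:
                findings.append(f"form field '{key}' sent in cleartext (value redacted)")
    return findings

# Constructed sample request, modelled on the two values shown in the post.
SAMPLE = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Cookie: test-cookie=chocolate_chip\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 25\r\n"
    b"\r\n"
    b"uid=username&pwd=password"
)

if __name__ == "__main__":
    for finding in audit_request(SAMPLE):
        print(finding)
```

Any finding means the site is handling that cookie or login over plain HTTP; the same request sent over HTTPS would not be parseable from a capture at all.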