How to Use Wireshark to Steal Your Own Local Passwords

Nov 16, 2011 09:13 PM

Here at Null Byte, we've spoken a lot about securing and anonymizing traffic. This is a big deal. With all of today's business taking place electronically via computers, we need to be secure when on-the-go. A lot of businesses don't even train their employees to secure their computers to protect from various threats. Here are a few things that should always happen when doing business on computers:

  • Always use a strong OS password.
  • Companies should always offer a VPN service to encrypt employees' traffic.
  • Never access unencrypted wireless.

What's the Deal with Encryption?

You'll hear me say "encrypt this" or "use SSL" on a regular basis. But I've come to realize a lot of you still have no idea why this is so important, so let's go over why. Normally, network traffic is transmitted in plaintext. This means that whatever you send over the network can be read by anyone. However, your network interface will only receive and read packets that contain your host IP address. So this means we are safe, right? Wrong.

Open source geeks like myself use open source networking drivers, which allow our interfaces to be switched into promiscuous mode. This forces the networking interface to receive all packets it sees, effectively "sniffing" all of the packets. This means that the data can be analyzed in hexadecimal, which will reveal any sensitive information that was transmitted, such as messages or login credentials.

We are going to be using a packet sniffer to collect information from when we browse the internet. Let's get started.

Requirements

  • Windows (with a USB wireless interface capable of packet sniffing), or GNU/Linux
  • Root privileges

Download & Install Wireshark

Windows users follow a simple point-and-click install. Linux users must enter the indented commands below in a terminal.

Wireshark is a complete internet protocol analyzing suite. It can analyze most forms of traffic and has a quick, clean graphical user interface.

  1. Download Wireshark.
  2. Extract the archive.

      tar zxvf
  3. Configure for installation.

      ./configure
  4. Compile and install the program.

      make && sudo make install
  5. Run Wireshark.

      sudo wireshark-gtk

Sniff Packets for Sensitive Information

With Wireshark running, follow along with me in this vTutorial on how to see and sniff traffic. This will help you see how important HTTPS websites and encryption are.
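To make the point concrete, here is an added example (not part of the original tutorial) that scans payload bytes from your own capture, as you would read them in Wireshark's packet view, and reports any credentials that are readable without a key. The sample requests, the host name, the account values and the list of field names are constructed assumptions.

```python
import base64
from urllib.parse import parse_qsl

# Form-field names treated as credentials (an assumption; extend for your own apps).
SENSITIVE_FIELDS = {"password", "passwd", "pass", "pwd"}

def find_cleartext_credentials(payload: bytes) -> list:
    """Return (kind, name, value) tuples for credentials readable in an HTTP request."""
    head, _, body = payload.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    # HTTP Basic auth is base64-encoded, not encrypted: decoding needs no key.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            user, _, secret = decoded.partition(":")
            findings.append(("basic-auth", user, secret))
        except ValueError:  # malformed base64: nothing to report
            pass
    # A URL-encoded login form carries the password as an ordinary field.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        declared = headers.get("content-length", "")
        length = int(declared) if declared.isdigit() else len(body)
        for key, value in parse_qsl(body[:length].decode("latin-1"), keep_blank_values=True):
            if key.lower() in SENSITIVE_FIELDS:
                findings.append(("form-field", key, value))
    return findings

# Constructed sample payloads (not captured from any real network).
_FORM = b"username=alice&password=hunter2%21"
HTTP_LOGIN = (b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
              b"Content-Type: application/x-www-form-urlencoded\r\n"
              b"Content-Length: %d\r\n\r\n" % len(_FORM)) + _FORM
HTTP_BASIC = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
              b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n")
# Stand-in for a TLS application-data record: header bytes plus opaque filler.
TLS_RECORD = bytes.fromhex("17030300109a3c5e71d2b8044fa6e01b7c88d3f215")

if __name__ == "__main__":
    for label, payload in [("http form", HTTP_LOGIN), ("http basic", HTTP_BASIC),
                           ("tls record", TLS_RECORD)]:
        print(label, "->", find_cleartext_credentials(payload))
```

The two HTTP payloads give up the password immediately, while the TLS-shaped record yields nothing, which is the difference HTTPS makes on a shared network.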
