wireshark

Today i'm going to talk about how to use wireshark to actually see what is data is passing and see what inside the data. before i start to explain how to use it this method is not entirely come from me. I actually watch a tutorial in Youtube i will give you the actual link to the video. You can check it at the bottom of the page.

Wireshark is a tool to see a traffic around your network what kind of data and what kind protocol that are use in the network around you or we can say wireshark as packet analyzer. Wireshark is avaliable in linux, windows and mac os you can actuall just download it and install it in this link https://www.wireshark.org/download.html

 Before we start to open wireshark i recommend that you can actually set your homepage to a blank page because if you set the browser to a specific homepage your wireshark will actually listen to the packet traffic and it's going to overwhelm you. I use iceweasel to configure the homepage go to the preference and set the homepage to blank page.

After your open your browser. now open your wireshark

 Apply the interface list at your wireshark and choose that is actually have data moving through the network

Browse www.httprecipes.com it's a website that is design to actually test wireshark in your computer. 

Now the wireshark start to capture the traffic that is actually flow at your network. Now we only interesting finding the http packet you can actually do that by filtering the packet with the column that have been provided or go to the  display filter and type http.

After you done the filtering we can actually determine what kind of server that are use in the website

As you can see the server is use apache server 2.2.26

now as i mention at first we can actually know what data inside the cookies that is have been passing and grabbing password using wireshark

pretty simple

for cookies go to the :http://www.httprecipes.com/1/2/cookies.php

  

i try to enter two cookies in the website first one is williamsiscool and williamsiscool2.and when i try to run the wireshark filter the http packet and find the cookies 

well as you can see i can actually see the cookies that is actually pass at the webpage.

now move one to the grabbing password

go to the:http://www.httprecipes.com/1/2/forms.php

 i try to fill the user id section with "guest" and "guest123". now see your wireshark and filter the http and search for POST because in sql when we pass data. we can actually use GET and POST method

 now you see there are bunch code ish at the lower section. that is actually encoded by POST method but you can solve this by go to display and click follow and choose tcp stream and you can see the data of the password and the user id

Well thats all that i can explain at this entry you can actually go to the source of tutorial video that i watched: https://www.youtube.com/watch?v=NHLTa29iovU

so if you have any critics or question you can comment at my blog  and i open to any sharing about hacking stuff

have a lovely day ^_^