This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

To test the capturing of plain text, I have logged into my router (http://192.168.0.1) and given username and password applying http.request.method == "POST" filter. I have clicked on the captured packets and then expand the Hypertext Transfer Protocol field. The POST data were there, but i cant able to see username and passwords there.. Any help would be really helpful. Thank You.

asked 06 Oct '13, 17:26

Karthick's gravatar image

Karthick
21559
accept rate: 0%


Try using the popup menu of the connection that should have the password and select "Follow TCP stream". If you can't spot the password in there the connection is probably encrypted (or it is the wrong connection you selected).

permanent link

answered 07 Oct '13, 00:53

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Did you search the password by using filters?

frame contains abc123

where abc123 is your password.

If there are no matches, the password is not sent in clear. In that case there is (most certainly) some javascript in use that scrambles the password for the POST request. If so, you'll have to analyze the script code or use a javascript debugger (google for Firefox developer tools).

Regards
Kurt

permanent link

answered 07 Oct '13, 08:12

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

please, 1-> right click on the "packet" to be captured 2-> click on "Follow TCP Stream" 3-> there you will find a line (in a new popup window) 4-> the username will be shown on 2nd/3rd last line(of red-color text) 5-> next to your username, a password would be shown(either in real-password or in encrypted/changed form)

permanent link

answered 05 Mar '14, 21:29

Asif%20Mehmood's gravatar image

Asif Mehmood
112
accept rate: 0%

  1. Use http.request.method == "GET"
  2. then right click follow tcp stream
  3. then switch the connection to "your ip --> router ip"
  4. find [Authentication : basic lkjsdhsjvsdugvsvjbn]
  5. the above hash is base64 you can crack it if you are good at cryptography
  6. otherwise there are some websites which will crack it for you, just paste the above hash (scrambled text) and voila !!!!!.
permanent link

answered 16 Sep '14, 05:27

mayhem's gravatar image

mayhem
11
accept rate: 0%

edited 16 Sep '14, 05:30

Jasper's gravatar image

Jasper ♦♦
23.8k551284

1

Hint for 5.: no need to be good at cryptography - base64 may be considered "obfuscation" at best. Decoding it is child's play.

(16 Sep '14, 05:32) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×58

question asked: 06 Oct '13, 17:26

question was seen: 39,235 times

last updated: 24 Sep '15, 06:04

p​o​w​e​r​e​d by O​S​Q​A