This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I was asked to show a live demo on capturing plain texts on network using wireshark. Nowadays we cant able to see http protocol anywhere, everything got converted to https and I am unsure of showing the demo capturing the plain texts transfer across network. Can someone guide me pls? Also it would be nice if something interesting could be shown to users live that create awarness among people. More suggestions are welcome. Thanks in advance.

asked 06 Oct '13, 17:31

Karthick's gravatar image

Karthick
21559
accept rate: 0%


You can't capture plain text passwords if the protocol in use is HTTPS - I'd even go as far as saying that passwords transmitted via HTTPS aren't "plain text" anymore. So Wireshark won't help you here as long as the requirements are that a third party should steal plain text passwords. You can of course decode SSL sessions with Wireshark under the right circumstances, but an attacker without additional intel should not be able to do that.

So I see three demo options here:

  1. Find something that isn't HTTPS and demo it
  2. Pretend that the SSL private server key got compromised and decode the HTTPS traffic. This is pretty much noch in the area of an awareness training, unless your attendees are SSL server admins that need another hint that they need to keep their SSL private keys protected
  3. Do someting like a Man-in-the-Middle by using a proxy to get into the communication, like Fiddler. This, once again, is not really a good setup for an awareness training, because people would have to accept bad (forged) SSL certificates before it works - unless, once again, that this is in your scope of the training.
permanent link

answered 07 Oct '13, 00:52

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

plus show something about ARP spoofing (cain and abel). Most people are totally unaware of that problem.

http://www.chmag.in/article/feb2012/cain-and-abel-black-art-arp-poisoning

(07 Oct '13, 08:06) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×15

question asked: 06 Oct '13, 17:31

question was seen: 1,271 times

last updated: 07 Oct '13, 08:06

p​o​w​e​r​e​d by O​S​Q​A