I was asked to show a live demo on capturing plain texts on network using wireshark. Nowadays we cant able to see http protocol anywhere, everything got converted to https and I am unsure of showing the demo capturing the plain texts transfer across network. Can someone guide me pls? Also it would be nice if something interesting could be shown to users live that create awarness among people. More suggestions are welcome. Thanks in advance.
asked 06 Oct '13, 17:31
You can't capture plain text passwords if the protocol in use is HTTPS - I'd even go as far as saying that passwords transmitted via HTTPS aren't "plain text" anymore. So Wireshark won't help you here as long as the requirements are that a third party should steal plain text passwords. You can of course decode SSL sessions with Wireshark under the right circumstances, but an attacker without additional intel should not be able to do that.
So I see three demo options here:
answered 07 Oct '13, 00:52