This is a static archive of our old Q&A Site. Please post any new questions and answers at

Showing Live session on Wireshark?


I was asked to show a live demo on capturing plain texts on network using wireshark. Nowadays we cant able to see http protocol anywhere, everything got converted to https and I am unsure of showing the demo capturing the plain texts transfer across network. Can someone guide me pls? Also it would be nice if something interesting could be shown to users live that create awarness among people. More suggestions are welcome. Thanks in advance.

asked 06 Oct '13, 17:31

Karthick's gravatar image

accept rate: 0%

One Answer:


You can't capture plain text passwords if the protocol in use is HTTPS - I'd even go as far as saying that passwords transmitted via HTTPS aren't "plain text" anymore. So Wireshark won't help you here as long as the requirements are that a third party should steal plain text passwords. You can of course decode SSL sessions with Wireshark under the right circumstances, but an attacker without additional intel should not be able to do that.

So I see three demo options here:

  1. Find something that isn't HTTPS and demo it
  2. Pretend that the SSL private server key got compromised and decode the HTTPS traffic. This is pretty much noch in the area of an awareness training, unless your attendees are SSL server admins that need another hint that they need to keep their SSL private keys protected
  3. Do someting like a Man-in-the-Middle by using a proxy to get into the communication, like Fiddler. This, once again, is not really a good setup for an awareness training, because people would have to accept bad (forged) SSL certificates before it works - unless, once again, that this is in your scope of the training.

answered 07 Oct '13, 00:52

Jasper's gravatar image

Jasper ♦♦
accept rate: 18%

plus show something about ARP spoofing (cain and abel). Most people are totally unaware of that problem.

(07 Oct '13, 08:06) Kurt Knochner ♦