This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to sniff gmail password???

asked 01 Jan '14, 06:31

john6's gravatar image

john6
78810
accept rate: 0%

edited 01 Jan '14, 09:11

grahamb's gravatar image

grahamb ♦
19.8k330206


Your own, or someone else's?

Not easily as it will be encrypted using https, e.g. see the bottom half of this web page: http://samsclass.info/120/proj/p3-wireshark.htm.

If you can manage a mitm attack then you should be able to capture it, or use a proxy, e.g Fiddler, as is explained here.

permanent link

answered 01 Jan '14, 09:25

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

i want to try on local machine not someone else.

(07 Jan '14, 08:07) john6

Well give Fiddler a try then.

(07 Jan '14, 08:39) grahamb ♦

see my answer to a similar question

http://ask.wireshark.org/questions/28647/sniff-a-facebook-password

same problem, just a different web-site. So, on your own system, it ends up with using tools like Fiddler.

Regards
Kurt

(08 Jan '14, 08:52) Kurt Knochner ♦

i know from facebook (which uses https to ) that it can be managed by sniffing the cookies

permanent link

answered 18 Apr '14, 02:46

astrionn's gravatar image

astrionn
11113
accept rate: 0%

To capture the password of an SSL encrypted page requires you to do at least one of two things:

  1. Have a copy of the SSL private key to decrypt the traffic between you and the server (not going to happen since Google owns this key -- might be valuable if you hosted your own mail or https page)
  2. Use something like an SSL Proxy to perform a Man-In-The-Middle attack. This process allows the SSL Proxy platform to fake-out your system by forcing all outbound HTTPS connections to connect to the proxy and use it's SSL Cert and Private key. The proxy will then go out and connect to the remote machine to perform the action you're trying to do.

I've used Charles Proxy (http://www.charlesproxy.com) in the past with great success for viewing SSL encrypted content.

Now... here's the kicker. A smart coder will create some form of a non-reversible, encrypted password before it even leaves your machine to avoid even this type of attack -- granted even this will have it's own pitfalls and could be used to fake-out the login with the correct style of attack, but it would prevent the plain-text password from showing.

Also, if you're trying to view something over IMAPS, your best bet might just be to make sure you don't connect over SSL, then using Wireshark to view this traffic is pretty simple.

I'm not familiar with performing any type of Cookie based attack or any other attack for that matter -- My job is simply to perform protocol analysis, which sometimes requires me to defeat SSL based traffic.

permanent link

answered 21 Apr '14, 09:32

mire3212's gravatar image

mire3212
11114
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×26
×19
×4

question asked: 01 Jan '14, 06:31

question was seen: 43,703 times

last updated: 21 Apr '14, 09:32

p​o​w​e​r​e​d by O​S​Q​A