This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

can i sniff a Facebook password or hotmail password???

thanks

asked 07 Jan '14, 12:05

bobsta's gravatar image

bobsta
11224
accept rate: 0%


Yes. But you probably can't read it because it is usually encrypted in an HTTPS conversation. If you have the decryption key for SSL you could have Wireshark decode the communication after capture.

permanent link

answered 07 Jan '14, 12:41

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

can i sniff a Facebook password or hotmail password???

the password for both are transmitted via encrypted channels and you won't be able to decrypt that connection, unless you

  1. own the crypto keys of facebook and/or hotmail servers
  2. are able to export the SSL/TLS session keys in your SSL/TLS client (browser, app, etc.) and use those keys to decrypt the session with Wireshark
  3. are able to intercept the SSL/TLS connection with something like Fiddler

You did not say, if you want to sniff the password transmission of your own system or a remote system!

So, let's see:

1.) is rather unlikely, unless

  • you are a very gifted hacker
  • you own the vast majority of shares of either company
  • you have very good contacts to the NSA
  • you can bribe or blackmail one of the server admins

2.) will work

  • on your own system, if your client software supports the export of the session keys (some browsers do, most other software don't).
  • on a remote system, if you are able to install some modified software on the system of your target person. However, if you are able to do that, there is no need to 'sniff' the password ;-)

3.) will work

  • on your own system, by installing and using tools like Fiddler
  • for a remote system, if you have access to major parts of the network of your target person. However, if you have that kind of access, there is probably no need to 'sniff' the password as well ;-)

Good luck!

Regards
Kurt

permanent link

answered 08 Jan '14, 08:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 08 Jan '14, 08:53

Cookies...cookies :) Spoffing cookies is the best method to get into someone account. If you get cookies you can dump into your browser and use it to autenthication into maybe facebook. Or if you fast computer and advence skill in programming. You can use cuda or some server to decrypt password. This is very brutal and long operation. Although you have big base with rainbow tables. Its take in the most optimistic scenario about few days.

permanent link

answered 21 Aug '14, 00:39

mkubasz's gravatar image

mkubasz
11
accept rate: 0%

edited 21 Aug '14, 00:45

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×16

question asked: 07 Jan '14, 12:05

question was seen: 47,357 times

last updated: 21 Aug '14, 00:45

p​o​w​e​r​e​d by O​S​Q​A