Hi there, I am using Pirni Pro, a network sniffer, and I did a test on my own network. I have went to mail.yahoo.com, signed up with my username and password, then stoped the sniffer. It gave me a log.pcap file, I have downloaded it to my computer, opened it with WireShark and used the search tool. While searching for "mail.yahoo.com" or "yahoo.com", it gaved me results, but when searching after my username and / or password it gaved me back no results. Any tips please on how to see the username and / or password ? Thanks ! asked 05 Jun '11, 15:18  nlkoo |
One Answer:
You can't see it. Yahoo automatically redirects you to an SSL encrypted page, meaning that you used HTTPS to login. Due to the encryption you won't be able to see the password (which is the reason why it was encrypted in the first place ;-)) If you look at your capture you'll see that mail.yahoo.com replies with a return code 302 in the inital conversation to port 80, redirecting you to https://login.yahoo.com. answered 05 Jun '11, 17:35  Jasper ♦♦ |
Oh, so I can gather all usernames and passwords on websites that have "http://site.com" and not "https:// ?
Thanks for the reply Jasper
converted to comment due to the Q&A nature of this website
Yes, you should, as long as the communication is unencrypted and you are able to capture the packets containing the credentials.