This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello,

I'm a little late to this conversation, but I need some help. Today I tried to connect to my Box from outside my network and realized that the connection is over http://. Once I came home, I tried the same from a VM and captured the traffic to see if the password is "clear text". The problem is that I don't know which frame to look in (which ones contain the login / password?). I tried "frame contains abc123", which doesn't work (why? It's http://, why would it be encrypted?). I tried "http.request.method == "POST"", which shows something, and finally tried frame contains "password". I got the frame which contains Key: Password, and it's encrypted.

8b7cc159a165e6d1dc23c96a83e4822690d737cb

Base64 gives me this result: ñ¾Üs^}k^¹{§uuÍ·sޚów¸ómº÷G{ß·

and that's not my password.

I have the same problem with capturing email / password (in a home lab).

Thanks for your help.

asked 24 Sep '15, 05:28

tome80

edited 28 Sep '15, 10:05

Kurt Knochner ♦


If you are using HTTP, the password will be within a POST request method. Since you know the password, follow the relevant TCP stream and search for it. It can be that the password is hashed. The one in your description looks like SHA1. If you want us to have a look, create a test account and upload a packet capture to CloudShark or similar.

answered 24 Sep '15, 06:30

Roland

It would be worth determining if the authentication uses one of the browser schemes or if it's an application-based mechanism. If it's browser based you should see an HTTP status code 401 as a response to the first access to the host.

If you see the 401 you will be using:

  • Basic authentication
  • MD5 hash
  • One of the Integrated Windows Authentication mechanisms - see Wikipedia

If you have no 401s then the web app is handling authentication. This may still use a hash, and I must admit your password value looks like a hash such as MD5. Unfortunately you would need to find the seed value to generate, say, an MD5 hash from your password. You may be able to work it out from the login page source code or included JavaScript.

(24 Sep '15, 10:47) PaulOfford

You can't upload the file here, use cloudshark or some file hosting service.

(25 Sep '15, 12:57) Roland

Hello,

I will close the post; it seems too much for me, but I'll retry properly and follow your advice. If I need some help I'll be back.

Thanks a lot.

(28 Sep '15, 01:23) tome80

If a question has been solved for you, please don't mark the title with '[resolves]'!

Instead please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).

(28 Sep '15, 10:06) Kurt Knochner ♦
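
An added example, not part of the original thread: it classifies the captured field value from the question by encoding and digest length, then checks a password you already know against it, alone and combined with seed strings found in the login page. The password `abc123`, the seed `admin` and the SHA-1(username + password) layout in the demo are constructed assumptions; the scheme the device in the question really uses is not known from this page.

```python
import base64
import binascii
import hashlib
import re

# Value of the password field quoted in the question above.
CAPTURED = "8b7cc159a165e6d1dc23c96a83e4822690d737cb"

# Raw digest length in bytes -> hash algorithms with that output size.
DIGEST_SIZES = {16: ["md5"], 20: ["sha1"], 32: ["sha256"], 64: ["sha512"]}


def classify(value):
    """Return (encoding, raw_length, candidate_algorithms) for a captured field.

    Hex is tested before base64 because every hex digit is also a legal
    base64 character: a 40-digit hex string base64-decodes "successfully"
    into 30 bytes of garbage.
    """
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        raw = bytes.fromhex(value)
        return "hex", len(raw), DIGEST_SIZES.get(len(raw), [])
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "plain", len(value), []
    return "base64", len(raw), DIGEST_SIZES.get(len(raw), [])


def find_scheme(captured_hex, password, extras=("",)):
    """Hash your own known password, alone and combined with each extra string
    (hypothetical seeds taken from the login page), and return the
    (algorithm, hashed_input) pairs whose digest equals the captured value."""
    target = captured_hex.lower()
    hits = []
    for algo in classify(captured_hex)[2]:
        for extra in extras:
            # dict.fromkeys drops the duplicate produced by an empty extra.
            for data in dict.fromkeys([extra + password, password + extra]):
                if hashlib.new(algo, data.encode()).hexdigest() == target:
                    hits.append((algo, data))
    return hits


if __name__ == "__main__":
    print(classify(CAPTURED))
    # Constructed sample: a login page that sends SHA-1(username + password).
    sample = hashlib.sha1(b"adminabc123").hexdigest()
    print(find_scheme(sample, "abc123", extras=("", "admin")))
```

An empty result from `find_scheme` only means none of the tried combinations matched; the login page's JavaScript is where the actual input to the hash is defined.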

question asked: 24 Sep '15, 05:28

question was seen: 2,623 times

last updated: 28 Sep '15, 10:06
