This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I tried to extract the login information of a Windows application game, such as the login portal and login data, but I am confused about where it is located.

https://drive.google.com/file/d/0Bwx9g-l32Xo0VTFWQXdEdXJJR2M/view?usp=sharing

asked 28 Jan '17, 02:14

yyk


A little more context might be helpful to understand what is supposed to happen. We could then focus on expectations to figure out where the information is.

The trace provided has a single TCP connection with some interesting information - if you right-click on one of the TCP packets and choose Follow TCP Stream (or use display filter: tcp.stream eq 0):

POST /growtopia/server_data.php HTTP/1.0
Accept: */*
Host: growtopia1.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 37

version=2%2E44&platform=0&protocol=26HTTP/1.1 200 OK
Date: Sat, 28 Jan 2017 10:00:14 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 312
Connection: close
Content-Type: text/html; charset=UTF-8

server|209.59.190.105
port|17092
type|1
**#maint|Server is currently down for `4scheduled maintenance``.  Sadly, this will probably take around four hours.** Follow @growtopiagame.com on twitter for info! #hurryupseth
beta_server|growtopiagame.com
beta_port|27003
beta_type|1
meta|124.13.121.122
RTENDMARKERBS1001

I bolded the interesting piece. Is the issue that you can't get in, so you are trying to troubleshoot? If so, this might be the root cause.

If the issue is something else, please provide more detail. There is some UDP traffic to the same host as the TCP connection, so I can't discount that this may have additional information that you may be after. I would expect, however, that login would occur over TCP, preferably over HTTPS for encryption, but I see regular port 80 HTTP traffic here.


answered 28 Jan '17, 04:52

Bob Jones

Additionally, it is highly unlikely the username/password will be submitted in plain text. I am sure when the server application facilitates the login, it will do so after a TLS session is established.

(28 Jan '17, 13:32) Rooster_50

Hi, this HTTP request just loads the announcement, because I can still log in even though it says the server is under maintenance. I am not sure how it transfers the data, but there seems to be no HTTP/HTTPS request doing it. This log starts before login and stops after the game has logged in, so it should contain the data exchange between the server and my computer.

(31 Jan '17, 07:06) yyk
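
An added example (not part of the original thread): it parses the `key|value` body returned by `server_data.php` in the stream quoted in the answer and builds a Wireshark display filter for the advertised `server`/`port` pair, so the capture can be checked for traffic to that endpoint. That the client contacts this endpoint after the HTTP request is an assumption, and `parse_server_data` and `endpoint_filter` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed from the stream quoted in the answer (#maint text shortened).
SAMPLE_BODY = """server|209.59.190.105
port|17092
type|1
#maint|Server is currently down for scheduled maintenance.
beta_server|growtopiagame.com
beta_port|27003
beta_type|1
meta|124.13.121.122
RTENDMARKERBS1001
"""


def parse_server_data(body):
    """Split key|value lines into a dict, stopping at the end marker."""
    fields = {}
    for raw in body.splitlines():
        line = raw.strip()
        if line == "RTENDMARKERBS1001":
            break
        key, sep, value = line.partition("|")
        if sep:  # skip blank lines and anything that is not key|value
            fields[key] = value
    return fields


def endpoint_filter(fields, prefix=""):
    """Display filter for the advertised <prefix>server / <prefix>port pair."""
    host = fields.get(prefix + "server", "")
    port = fields.get(prefix + "port", "")
    if not re.fullmatch(r"[0-9]{1,5}", port) or not 0 < int(port) < 65536:
        return None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A hostname: find its DNS lookup in the capture to learn the address.
        if not re.fullmatch(r"[A-Za-z0-9.-]+", host):
            return None
        return f'dns.qry.name == "{host}"'
    field = "ip.addr" if addr.version == 4 else "ipv6.addr"
    # Transport is not established on the page, so match TCP and UDP.
    return f"{field} == {addr} && (tcp.port == {port} || udp.port == {port})"


if __name__ == "__main__":
    for pfx in ("", "beta_"):
        print(endpoint_filter(parse_server_data(SAMPLE_BODY), pfx))
```

Paste the resulting filter into the Wireshark display filter bar; an empty result means the capture holds no traffic to the advertised endpoint.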