This is our old Q&A Site. Please post any new questions and answers at

Hi, I'm trying to catch the packet that contains the data for my home page login. I get the 401 not authorised page and Chrome/IE offer the login box. I put in my username and password but Wireshark doesn't seem to catch it. Can anyone explain please?

asked 06 Oct '11, 09:52

turnbui's gravatar image

accept rate: 0%

How do you know that "Wireshark doesn't seem to catch it"?

(06 Oct '11, 10:26) Jaap ♦

because i can't find a packet with my username/password in it. it isn't https so i expect clear text. also i check the frame number then press login then heck frame umber again only to find there re no new frames.

(06 Oct '11, 12:54) turnbui

The browser has several methods to proof the user's identity. In most cases the credentials are somewhat obfuscated with one of these methods:

  • Username and password can be encoded in BASE64. Wireshark can decode the credentials. Use the search function and search for a string in the packet details.
  • In a Windows domain you might have Windows integrated authentication. In this configuration the credentials can be send as NTLM hash or even as Kerberos ticket.

These items are found in the clients HTTP request header.

Another option is to trigger a Javascript, that obfuscates the username and password before sending it with a POST to the server. From a security perspective this is quite silly.

Good hunting!

permanent link

answered 06 Oct '11, 15:52

packethunter's gravatar image

accept rate: 8%

thanks for the info.

(06 Oct '11, 23:45) turnbui
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 06 Oct '11, 09:52

question was seen: 3,220 times

last updated: 06 Oct '11, 23:45

p​o​w​e​r​e​d by O​S​Q​A