Go to the menu Edit – Preferences – Protocols – SSL.If you are trying to decrypt HTTPS traffic of other users without access to their computers, this will not work – for that it will encrypt and private space.Īfter receiving the keys for option 1 or 2, you must register them in WireShark:
If we mean decoding our own HTTPS traffic and want to practice, then this strategy will work. We’re talking about the web browser of the person who is trying to steal the password. Well, then grab traffic and use the received key to decrypt it. In essence, it is necessary to steal a file with a session key from another user’s hard drive (which is illegal). To do this, the browser must be configured to write these encryption keys to a log file ( example based on FireFox), and you must receive this log file. Option 2: You can decrypt HTTPS traffic using the session key log file written by Firefox or Chrome. At the time of the connection, you can intercept the session key. Option 1: Connect to the disconnection between the user and the server and capture traffic at the time the connection is established (SSL Handshake). There are several options for answering this question. What if the traffic is encrypted and using HTTPS? SMTP protocol and you will need to enter the following filter: = “AUTH”Īnd more serious utilities to decrypt the encoding protocol.IMAP protocol and filter will be: imap.request contains “login”.The POP protocol and filter looks like this: = “USER” || = “PASS”.You can also learn passwords to user mailboxes using simple filters to display: Thus, using Wireshark, we can not only solve problems in the operation of applications and services, but also try ourselves as a hacker, intercepting passwords that users enter in web forms. I was given a list of coding protocols in order of priority:Īt this stage, we can use the hashcat utility:~ # hashcat -m 0 -a 0 /root/wireshark-hash.lf /root/rockyou.txtAt the output we got the decrypted password: simplepassword We go, for example, to the site and enter our password into the window for identification. Password: e4b7c855be6e3d4307b8d6ba4cd4ab91ĭetermining the type of encoding for decrypting the password Set-Cookie: scifuser = networkguru expires = Thu, 0 23:52:21 GMT path = /Ĭontent-Type: text / html charset = UTF-8 Set-Cookie: non = non expires = Thu, 0 23:52:21 GMT path = / P3P: CP = "NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
0 kommentar(er)
