[Wireshark] How to detect clear-text traffic using Wireshark
Objectives
You will learn how to detect sensitive data that flows over the network in clear text.
Why you need to know
Some applications still let their users communicate over protocols such as HTTP, FTP and Telnet. These protocols carry their data over TCP in clear text, so anyone who can capture the traffic can read it. As a network admin, you need to know how to determine whether sensitive information is flowing over your network unencrypted.
Network Topology
Demo
1: Log in to the domain controller.
2: Start WampServer.
3: Make sure that Windows Firewall is off (lab environment only).
4: Log in to the DHCP server.
5: Install Cain & Abel + WinPcap.
6: To configure the Ethernet card, choose Configure from the menu bar. Leave the settings at their defaults and click OK.
7: Click the Start/Stop Sniffer button, then the Sniffer tab.
8: Click the plus (+) icon. The MAC Address Scanner window appears; select the Range button, enter the scan range 10.0.0.101–10.0.0.254, check All Tests, then click OK.
9: Cain & Abel scans for MAC addresses and lists all the hosts it finds.
10: Click the ARP tab at the bottom left, then the plus (+) icon.
11: Select 10.0.0.101 (domain controller) on the left and 10.0.0.200 (Windows 10) on the right.
12: Select the added pair under Configuration / Routed Packets and click Start/Stop ARP. Cain & Abel now sends forged ARP replies to both hosts so that their traffic passes through this machine; on a switched network this is what lets a third host see traffic that the switch would otherwise deliver only to its destination port.
13: Open Wireshark and choose the Ethernet interface.
14: Go to the Windows 10 machine, open a browser and type http://10.0.0.101/wordress/wp-login.php
* If you get a 403 Forbidden error, see
https://stackoverflow.com/questions/23382627/wamp-cannot-access-on-local-network-403-forbidden/23385021
In WampServer, go to Apache > httpd-vhosts.conf.
When you open it, it looks like this:
Change it to:
so that you can reach the login page (sorry, the screenshot is in Japanese).
Type the username admin and the password test, then click Log In.
15: Go back to the sniffing machine (where Cain & Abel and Wireshark are running) and look at Wireshark.
16: Type "http contains wordpress" in the display filter. (A more general filter that catches any clear-text form submission, not just this site, is http.request.method == "POST".)
17: Select the HTTP POST packet from the filtered list, right-click its HTML Form URL Encoded section and choose Follow → TCP Stream.
18: The Wireshark Follow TCP Stream window appears. It contains the POST form data, including the username and password used to log in to the WordPress site, readable because HTTP sends them without any encryption.
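The steps above pull the credentials out of one stream by hand. The following Python script, added here as an example and not part of the original tutorial, does the same extraction programmatically over a reassembled client-to-server TCP payload (the bytes Follow → TCP Stream shows) and generalizes beyond the WordPress case to HTTP Basic authentication and FTP USER/PASS, two other clear-text logins named in this tutorial. The three payloads are constructed by hand, not captured, and the list of credential field names is an assumption you can extend for other applications.

```python
"""Find credentials sent in clear text inside reassembled TCP payloads.

Added example for this tutorial, not code from the original page. The sample
payloads are constructed to resemble what Wireshark's Follow -> TCP Stream
shows for a WordPress login POST, an HTTP Basic-auth request and an FTP login.
"""
import base64
import re
from urllib.parse import parse_qs

# Form field names that commonly carry credentials (assumption; WordPress uses log/pwd).
USER_FIELDS = ("log", "user", "username", "login", "email")
PASS_FIELDS = ("pwd", "pass", "password", "passwd")

HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")
FTP_PASS_LINE = re.compile(rb"^PASS .+$", re.M)


def parse_http_request(payload):
    """Split a raw HTTP request into (method, lower-cased header dict, body bytes)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method = lines[0].split(" ", 1)[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers, body


def find_http_credentials(payload):
    """Return (kind, user, password) tuples for Basic auth and URL-encoded login forms."""
    findings = []
    method, headers, body = parse_http_request(payload)

    # Basic auth is base64, not encryption: anyone on the path can decode it.
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth.split(None, 1)[1]).decode("latin-1")
            user, _, password = decoded.partition(":")
            findings.append(("http-basic", user, password))
        except (ValueError, IndexError):
            pass  # malformed header: nothing to report

    # Login forms: the same fields Wireshark labels "HTML Form URL Encoded".
    content_type = headers.get("content-type", "")
    if method == "POST" and content_type.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"))
        user = next((form[k][0] for k in USER_FIELDS if k in form), None)
        password = next((form[k][0] for k in PASS_FIELDS if k in form), None)
        if password is not None:
            findings.append(("http-form", user, password))
    return findings


def find_ftp_credentials(payload):
    """Pair each FTP PASS command with the USER command that preceded it."""
    findings, user = [], None
    for line in payload.decode("latin-1").splitlines():
        command, _, argument = line.partition(" ")
        if command.upper() == "USER":
            user = argument
        elif command.upper() == "PASS":
            findings.append(("ftp", user, argument))
    return findings


def scan_stream(payload):
    """Identify the protocol from the client's bytes and extract any clear-text credentials."""
    if HTTP_REQUEST_LINE.match(payload):
        return find_http_credentials(payload)
    if FTP_PASS_LINE.search(payload):
        return find_ftp_credentials(payload)
    return []  # TLS, SSH and binary protocols: nothing readable to report


# Constructed sample streams (not captured traffic).
WP_LOGIN_POST = (
    b"POST /wordpress/wp-login.php HTTP/1.1\r\n"
    b"Host: 10.0.0.101\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: wordpress_test_cookie=WP+Cookie+check\r\n"
    b"\r\n"
    b"log=admin&pwd=test&wp-submit=Log+In"
    b"&redirect_to=http%3A%2F%2F10.0.0.101%2Fwordpress%2Fwp-admin%2F&testcookie=1"
)
BASIC_AUTH_GET = (
    b"GET /admin/ HTTP/1.1\r\n"
    b"Host: 10.0.0.101\r\n"
    b"Authorization: Basic YWRtaW46dGVzdA==\r\n"  # base64("admin:test")
    b"\r\n"
)
FTP_LOGIN = b"USER admin\r\nPASS test\r\nSYST\r\n"
TLS_HELLO = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"  # encrypted: nothing to find

if __name__ == "__main__":
    samples = [("wordpress", WP_LOGIN_POST), ("basic-auth", BASIC_AUTH_GET),
               ("ftp", FTP_LOGIN), ("tls", TLS_HELLO)]
    for name, stream in samples:
        for kind, user, password in scan_stream(stream):
            print(f"{name}: {kind} user={user!r} password={password!r}")
```

To run it against real traffic, save the client-to-server direction of a stream from the Follow TCP Stream dialog (show the data as Raw, then Save as…) and pass the file's bytes to scan_stream. Telnet is deliberately not handled: a Telnet login is typed one character per segment with option-negotiation bytes interleaved, so the password only becomes readable once the whole stream is reassembled, which is exactly what Follow TCP Stream does for you.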
Conclusion
You have learned how to detect sensitive data that flows over the network in clear text.