So, in a nutshell: You can't find your password in a Wireshark dump, unless you entered it on a website that does not use HTTPS for transmitting data or you're using an e-mail client that connects to POP / IMAP without encryption. However, these days, when you enter a password in a form, the transmission will usually be secured by HTTPS as indicated by the lock in the URL bar of your browser, so the password doesn't go over the wire as plaintext. If yes, Bob will be authenticated-his cookie will be set, and he'll be redirected to his inbox page, both via HTTP methods. The web application will hash the password and look if the combination of hash and username exists in the database.
Suppose Bob submits an HTML form with his username and his password foobar from the login page of his e-mail provider via an HTTP POST request. The following example is really simplified. It will be hashed at the remote server and that hash will be compared against the one stored in their database. When you send your password through a form, and no other encryption technique is involved at the application layer, it is transmitted as-is over the network. In the upper pane of Wireshark, right-click the HTTP packet and click 'Follow TCP Stream', as shown below. Usually, passwords are only stored as (salted) hashes in the database of your e-mail service provider. How to observe the password in Wireshark Observing the Password in Wireshark In the Wireshark window, box, in the Filter bar,type this filter, as shown below: frame contains Wireshark shows an HTTP packet containing the text. Passwords sent through forms on HTML pages are not sent as hashes.
0 kommentar(er)
