Wireshark Basics // How to Find Passwords in Network Traffic

Captions
Hello everybody, welcome or welcome back to my channel. So I have officially accepted that this is a technology channel. That's happening, that's what's going on here. So for today's video I'm gonna be giving you guys a quick overview of Wireshark, some of the things that you can do to monitor your at-home network, and a quick demo to show you how you can find passwords in HTTP traffic. [Music]

So for those of you that don't know, Wireshark is a free, open source software that you can use to analyze packets. There is both a Mac and a Windows version that you can download. It's a super simple process: basically what you do is you download the image file from the website, you're a few clicks away, and then it is right there in your applications. Monitoring your network is very, very important regardless of whether you are managing a server farm or if you're just focusing on your at-home network. When you are at home it's important to just fire up Wireshark and see what normal traffic looks like. That way, when something happens, you'll be able to identify that anomaly. [Music]

So this may be kind of an intense example. By looking at different types of attacks you can kind of understand what you should be looking for on your network. For example, with a DDoS attack there is a specific type of format, or you can definitely identify what that attack looks like by looking at network traffic. It's normally some type of flood of the same type of traffic, because the goal of that type of attack is to knock legitimate users offline, so they are flooding it with tons of SYN attacks or like IMCP, is the ICMP, is it, I'm seeing ICMP, okay, whatever, we'll figure it out. It's basically the same type of attack. Or, for example, you could take a look at a replay attack, which is a type of a man-in-the-middle attack. What that looks like is an older packet being sent out of nowhere to try and trick a server into thinking that the attacker is a legitimate user. So again, these are kind of intense examples, but these are things that you would want to look out for when you're monitoring your network.

Another more real-life application that you may have when using Wireshark is when taking a look at malware. So malware normally has some type of excessive traffic that it's generating, either a virus or worm, whatever it may be, that is taking up bandwidth in your network. So what you'd want to do first is familiarize yourself with what regular traffic looks like. That way, when there is malicious software, you'll be able to notice that there is abnormal traffic happening on your network.

Now for the fun part, the actual demo. I'm going to be showing you guys how you can find a password and username in HTTP traffic. Again, if you don't know already, HTTP is how the internet works. It's how all of our websites gather the information they need to serve us. There's two different types that are used today, and the most common now is HTTPS, which is Hypertext Transfer Protocol Secure, and HTTP, which is the unsecured version. Normally when you're browsing the Internet you'll know whether or not you're on a secure website based on the search bar at the top. It'll normally say not secure or secure. It may have like a little exclamation point or like a green lock if it is a secure website, but that's one easy way you can know what type of protocol that website is utilizing. For those sites that are not using it, they are still sending all of their traffic in plaintext, and it is very easy to intercept their packets and see what information is being sent.

While it seems obvious that everybody should be using HTTPS, there's a lot of sites that still don't, and while I was preparing for this video I searched what websites still use HTTP, and it was really big websites, such as like the Red Cross or NYU, or some really big government agencies still aren't using a secure protocol to make their websites run, which is really crazy. So for this demo we're gonna be using a website that is specifically created to send credentials over HTTP so that we can test this out. And to begin, we're going to go ahead and open up Wireshark.

So the first thing I'm going to do is open up Wireshark. It's gonna give you the option to select from a variety of interfaces, and interfaces are just the Internet or how your computer is accessing the Internet. So right here you can see the one with this line graph, it's our Wi-Fi, so I'm gonna go ahead and select that. To begin capturing traffic you're gonna hit the blue fin in the left-hand corner, and right away it's gonna start showing all of the traffic that's going on on our network. I have tons of devices that are connected, my lights are connected, we have again several other devices in this household that are constantly generating traffic, so there's a lot of random stuff going on right now.

But we want to capture our passwords, so I'm gonna jump back over to our website, our website testing ground, and you can see at the bottom it says username and login and it's gonna give you the credentials to enter. So I'm gonna go ahead and type in admin and 12345 so I can log in. Again, that request was just processed, so we should be able to see it in Wireshark. And I do also want to point out that at the top again it just says not secure, so we know for a fact that this website is using HTTP.

So jumping back to Wireshark, we're gonna go ahead and press the red square to stop capturing traffic, and we're gonna take a second to look at what's going on. So as you can see, there is tons of network traffic again that has been generated, tons of our common protocols like TCP, DNS requests, UDP is on here, and then of course HTTP, which we're interested in. I'll definitely recommend taking a look at all of the different types of protocols that exist, because you can get tons of really great information. At the very, very top there is a bar, and we're gonna type in HTTP, and this is gonna filter out all the traffic so that we only see HTTP traffic.

There are two main types of requests with HTTP, and the ones that we probably will see the most is the GET and the POST. So GET is our website receiving information or requesting information, and POST is it's sending information back to the server. And since we just sent our credentials over to a web server, that is the one that we want to take a look at. By double-clicking on that packet we're gonna see tons of information. When you're on one of these packets it's gonna give you tons of information about the type of device that was used to send it, that MAC address, the IP address, again the exact device model that was used, and there's always going to be a hexadecimal dump at the bottom and then also an ASCII translation on the other side.

So normally at the bottom of the ASCII dump is where I would go to first find some credentials. So again, if you look at the very, very bottom you can see credentials that were sent. It says user admin, password 12345. One more place where you can find these is right here in this bottom tab. Right here you can see the forms that were filled out and sent, so again it says user and password. So if you were using a website that was not using HTTP and you sent your credentials and somebody happened to be sitting on the network, they would be able to get both your username and your password, which is a huge vulnerability for HTTP.

So I hope you guys enjoyed this quick little overview of Wireshark. I hope that you're having a great day and that your mom's okay, and thank you guys so much for watching today's video. I hope that this little overview of Wireshark helped you guys out just a little bit if you're new to cybersecurity or if you are in general just interested in protecting your at-home network. Let me know what you guys use Wireshark for down below. I'm very interested to see what all can be done. I know this is a very, very intense tool and you can do, again, lots and lots of things with it. I'll definitely be making some more videos on Wireshark very, very soon. If you don't already, make sure you follow me on Instagram at rebecca jay richard. I'm on there a ton and I love interacting with you guys. Hope to see you guys in my next video very, very soon. Until next time, bye.
Info
Channel: Rebecca Richard
Views: 55,153
Keywords: college, cyber security, IT, women in cyber, women in IT, wireshark, network traffic, find password, hacking, hack network, hack passwords
Id: DsEqg6zBHZE
Length: 8min 23sec (503 seconds)
Published: Mon Mar 16 2020