Printable View
ok I've been messing around with wireshark for awhile now and I had a question about some sites i was having problems with pulling user names and passwords from. I get the info i need from a lot of other sites, like this site encrypts passwords with md5, but what about other sites like myspace does anyone know what encryption they use or some of the common, post form encryptions that other sites are using
You have to use the MITM attack (man or monkey in the middle using some other tool like ettercap or arpspoof and then capture the data in wireshark) there is a good thread here that has a tutorial on this. :)
i was running ettercap with commands, check unified sniffing ctrl-s, mitm arp poisoning, sniff remote, start sniffing, then i opened up wireshark, configed my adapter setting added wep key and started getting http packets i looked in the post packets and at the data line and it says username= real name passwords=asfdasdfhuehgtjdshgusdgtfuegugs, i know this isnt the real passwords because it is my account, i just dont know how their encrypting it
p.s. that s not the real username and password that i got out of wireshark i just made it up
If you wanna view your capture with wireshark, and read it correctly...you MUST use airdecap-ng to strip off the encryption so you can see the "real" passwords.Quote:
Originally Posted by escabar
ok so i did a capture with airodump-ng -w out -c 6
then did airdecap-ng -e **** -w***** out-01.cap
then opened in wireshark i didnt see anything different than when i just did the whole thing with just wireshark, did i miss something
Here you go.
http://www.security-freak.net/tools/...rdecap-ng.html
pureh@te = supa spoon feeda
Should change your name to PureFeeda! haha j/k :)Quote:
Originally Posted by pureh@te
thanks supa spoon feeda haha, but i think we might have had a miscommunication. I would like to give up on this because its not that important, but i don't work that way now i have to figure this out or it will drive me crazy for the rest of my days. i checked out the link you posted but it didn't really help i have already done that, i also checked out a real good vid on the milworm site on ettercap. Im just restating what ive done maybe i left something out last time or miss worded it:
ok i used ettercap and did the arp stuff, and i did it successfully i was able to capture my facebook, hotmail, yahoo mail, and a few others however i noticed it didnt work with myspace, because obviously it doesnt use https, i guess they just use an ecryption in their sign in form or something im not sure, so i opened wireshark and then entered my wep key into the i802.1 protocol config and started my capture i went to a webpage with a known non encryption and caught it the data line clearly outputted my real user name and password in plain text, so i did it with myspace and the data line clearly output my user name in clear text but the password was encrypted giving me the conclusion that myspace login form encrypts the password but not user name, meaning to me that i can use decap all i want but its not going to decrypt that password, with that being said, could you give me any more pointers, im not looking to be spoon feed (that still pretty funny to me) just a little help thats all, and i was wondering if you had tried this with myspace, i saw in some of the tuts that they said it worked with my space but i think they might of redone their webpage after the tut was posted or something.
p.s. sorry for such a long post about this subject but its driving me crazy
Cant find it at a quick glance so cant post link but I read something a bit back, thought it was on irongeek but could be wrong.
In a sense they cracked encrypted passwords by cheating, what they did was alter the form on the page going to the victim, the form now has a username field, a password field (that is encrypted using javascript on each keypress) and a hidden text field. They also altered the javascript by adding a function so that when the password field box experienced a keypress the hidden text box received the character but normally.
When the 'victim' submitted the form they sent back the username, encrypted password and a seperate html hidden input with password in clear text.
Then on way out I presume they stripped out the hidden field but thats a guess, cant remember that bit.
Just split up from a 5 1/2 relationship so not in mood to go searching but you get the idea.
I think i'm ok to post this if not by all means delete post.
thanks, for the input, i knew they were doing it with java just not sure how. the home page source code for the login is a javascript. now just gotta figure out java is encrypting it!