Sniff http passwords

[diamondeyes]

Hi again,

I have an question thats about password sniffing.
I am just trying things for fun so no illegal stuff, but theres one question i have to ask.
There's a ton of stuff about getting an https password, but how can i sniff a password thats form an http site?

What kind of software do i have to use to get the password?

[TAPE]

Well, considering that you may be new to this scene and possibly new to Backtrack, I would say that
reading and Googling is your best option to get a better understanding of what is possible and how
to protect against it.

To help you on your way, read up on ;
> MiTM
> ettercap
> arpspoof
> dsniff

After you have read up and have experienced some options, check back again.

[diamondeyes]

@ TAPE

I'm not really a newbie . I know all kind of stuff like you said, but it only detects https passwords and if i log in on a http site the password does not show up.

[lupin]

@ TAPE

I'm not really a newbie . I know all kind of stuff like you said, but it only detects https passwords and if i log in on a http site the password does not show up.

Come on, someone experienced in the things you have just claimed to know about wouldn't need to ask this question. This is exactly why TAPE responded the way he did, and its why I didnt respond the first time I read this thread after seeing TAPE's response, because he is right, you need to obtain more of an understanding of how this process works. Really, go and do what TAPE suggested, and add Wireshark to the list of things to read up on.