Results 1 to 10 of 11

Thread: wireshark question

Hybrid View

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default wireshark question

    ok I've been messing around with wireshark for awhile now and I had a question about some sites i was having problems with pulling user names and passwords from. I get the info i need from a lot of other sites, like this site encrypts passwords with md5, but what about other sites like myspace does anyone know what encryption they use or some of the common, post form encryptions that other sites are using

  2. #2
    Itssid
    Guest

    Default

    You have to use the MITM attack (man or monkey in the middle using some other tool like ettercap or arpspoof and then capture the data in wireshark) there is a good thread here that has a tutorial on this.

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default

    i was running ettercap with commands, check unified sniffing ctrl-s, mitm arp poisoning, sniff remote, start sniffing, then i opened up wireshark, configed my adapter setting added wep key and started getting http packets i looked in the post packets and at the data line and it says username= real name passwords=asfdasdfhuehgtjdshgusdgtfuegugs, i know this isnt the real passwords because it is my account, i just dont know how their encrypting it

    p.s. that s not the real username and password that i got out of wireshark i just made it up

  4. #4
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by escabar View Post
    i was running ettercap with commands, check unified sniffing ctrl-s, mitm arp poisoning, sniff remote, start sniffing, then i opened up wireshark, configed my adapter setting added wep key and started getting http packets i looked in the post packets and at the data line and it says username= real name passwords=asfdasdfhuehgtjdshgusdgtfuegugs, i know this isnt the real passwords because it is my account, i just dont know how their encrypting it

    p.s. that s not the real username and password that i got out of wireshark i just made it up
    If you wanna view your capture with wireshark, and read it correctly...you MUST use airdecap-ng to strip off the encryption so you can see the "real" passwords.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default

    ok so i did a capture with airodump-ng -w out -c 6
    then did airdecap-ng -e **** -w***** out-01.cap
    then opened in wireshark i didnt see anything different than when i just did the whole thing with just wireshark, did i miss something

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Here you go.

    http://www.security-freak.net/tools/...rdecap-ng.html


    pureh@te = supa spoon feeda

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •