Hi everyone
I had fun capturing and analyzing packets the other day. I realized that while basic HTTP authentication and POP connection usernames and passwords appear as plain text in the pcap software, more advanced protocols make it more difficult, if not impossible.
I started wondering: while we might not be able to decrypt the TCP stream to extract the useful data, maybe we don't need to? Since we already have the encrypted credentials (or a cookie ID, not sure if I understand perfectly how this works), maybe we could start a connection with the server and just feed it the same packet we've already got?
I captured the traffic of myself logging in to some services and then used netcat to open up a connection to the hosts. I pasted the HTTP GET requests I captured with Wireshark, but unfortunately all I got were Bad Request responses :( I failed to get any positive results even though I tried a lot, but I still think it's quite a good idea, and maybe some of you more savvy Hak5ers could give it a go or explain to me why I'm wrong and why this will never work?
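As an added example (editor's code, not the poster's, and not from any real service), the following Python models the replay idea above against an in-process toy HTTP/1.1 server rather than a live host. The user database, the host name `example.test`, and the class and function names are all constructed for the demo. It contrasts the two cases the post touches on: with Basic authentication the captured bytes carry the credential itself, so replaying them succeeds; with a challenge-response scheme such as HTTP Digest (RFC 2617, no qop), the captured response is bound to a server-issued nonce, so the same bytes no longer verify on a new connection. The toy server also shows one way a replayed request can draw a 400 for reasons unrelated to authentication: an HTTP/1.1 request with no Host header is malformed per RFC 7230 section 5.4 and servers are required to reject it.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed demo data: toy user database and realm, not from the original post.
USERS = {"alice": "hunter2"}
REALM = "demo"


def parse_request(raw: bytes):
    """Parse a raw HTTP/1.1 request head. Returns (method, target, headers),
    or None when the request is malformed (a real server would answer 400)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "HTTP/1.1":
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            return None
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:        # RFC 7230 s5.4: HTTP/1.1 requires Host
        return None
    return parts[0], parts[1], headers


def build_request(target, headers):
    """Serialise a GET request the way a capture shows it (CRLF line endings)."""
    lines = [f"GET {target} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def basic_header(user, password):
    """Basic auth: the credential travels base64-encoded, not encrypted."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def digest_response(user, password, method, uri, nonce):
    """RFC 2617 Digest without qop: MD5(HA1:nonce:HA2), bound to the nonce."""
    md5 = lambda s: hashlib.md5(s.encode()).hexdigest()
    ha1 = md5(f"{user}:{REALM}:{password}")
    ha2 = md5(f"{method}:{uri}")
    return md5(f"{ha1}:{nonce}:{ha2}")


def digest_header(user, password, method, uri, nonce):
    resp = digest_response(user, password, method, uri, nonce)
    return f'Digest username="{user}", nonce="{nonce}", uri="{uri}", response="{resp}"'


class ToyServer:
    """In-process stand-in for the origin server; handle() takes raw bytes."""

    def __init__(self, scheme):
        self.scheme = scheme         # "basic" or "digest"
        self.live_nonces = set()     # nonces issued but not yet consumed

    def challenge(self):
        """Issue a fresh nonce, as a 401 WWW-Authenticate: Digest would."""
        nonce = secrets.token_hex(8)
        self.live_nonces.add(nonce)
        return nonce

    def handle(self, raw):
        req = parse_request(raw)
        if req is None:
            return 400
        method, target, headers = req
        auth = headers.get("authorization", "")
        if self.scheme == "basic" and auth.startswith("Basic "):
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
            return 200 if USERS.get(user) == pw else 401
        if self.scheme == "digest" and auth.startswith("Digest "):
            fields = dict(f.strip().split("=", 1) for f in auth[7:].split(","))
            fields = {k: v.strip('"') for k, v in fields.items()}
            nonce, user = fields.get("nonce"), fields.get("username", "")
            if nonce not in self.live_nonces or user not in USERS:
                return 401           # stale, unknown or already-used nonce
            expected = digest_response(user, USERS[user], method, target, nonce)
            if not hmac.compare_digest(expected, fields.get("response", "")):
                return 401
            self.live_nonces.discard(nonce)   # single use: replay cannot reuse it
            return 200
        return 401


def replay_demo():
    """Capture one authenticated GET per scheme, then feed the same bytes back."""
    results = {}
    # Basic: the captured bytes contain the credential, so replay is accepted.
    srv = ToyServer("basic")
    captured = build_request("/mail", {"Host": "example.test",
                                       "Authorization": basic_header("alice", "hunter2")})
    results["basic_first"] = srv.handle(captured)
    results["basic_replay"] = srv.handle(captured)
    # Digest: the captured response is tied to one nonce; a new connection gets a
    # new challenge and the old bytes no longer verify.
    srv = ToyServer("digest")
    nonce = srv.challenge()
    captured = build_request("/mail", {"Host": "example.test",
        "Authorization": digest_header("alice", "hunter2", "GET", "/mail", nonce)})
    results["digest_first"] = srv.handle(captured)
    srv.challenge()                  # new connection, fresh nonce issued
    results["digest_replay"] = srv.handle(captured)
    # Malformed HTTP/1.1 (no Host) is rejected before authentication is looked at.
    results["no_host"] = srv.handle(build_request("/mail", {
        "Authorization": basic_header("alice", "hunter2")}))
    return results


if __name__ == "__main__":
    print(replay_demo())
```

The same nonce-binding idea is what makes replaying bytes lifted from a TLS session a dead end: the session keys are derived from fresh random values exchanged in each handshake, so ciphertext recorded from one connection is meaningless on the next. For plaintext protocols, by contrast, the captured Authorization header or session cookie is exactly what the server accepts.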