Wireshark questions / first hak

[Grant]

Hey guys

Been watching Hak5 since there debut on Revision3 and I'm loving it! Some of the stuff is a little over my head , but i enjoy learning new things about computers. I've been a " hardware guy " for awhile now building custom pcs for people and would like to extend my knowledge into the software arena.

Recently I've been interested in packet sniffing , mainly the program Wireshark. What I'm trying to do is capture user names and passwords on my home network ( more on the machine I'm using rather than the rest of the network ). So i have a few questions , if you guys dont mind

1. How EXACTLY do i get usernames and passwords from myspace using wireshark? I tested with my own login and cant seem to find the password......is it encrypted? I filtered to show only http and found the myspace entry. When I scroll over the username and password it doesn't show it

2. Can wireshark run in the backround while capturing?

3.When following the tcp stream where would i find this info , and what does it look like?

Thanks guys

[vector]

lol no myspace logins are not encrypted, theyre transmitted in plain text iva had lots of fun with peoples accounts just out of sheer boredom. its fun to snoop on the neighbors and to read their emails and maybe send some "hey im really gay" IM's to their facebook friends, but other than that honestly you find nothing but garbage when you snoop other peoples traffic, crap like jdate.com logins, aim yahoo and icq chats, boring ass emails and spam, myspace logins for sure, anti virus updates, retarted ass google searches, and i do mean fucking retarded its amazing what some people will type into the google search box, they talk to it as if theyre asking a person a question. so unless youre actually going to go somewhere and pwn some interesting shit prepare for the novelty to wear off quickly.

now all that being said i use a couple of programs that would make your arp spoofing, port mirroring, traffic sniffin, snooping nosy life a hell of a lot easier. the first one and one of my favorites is net resident from tamosoft.com, the second is more for wireless security auditing and will allow you to capture encrypted and unencrypted network traffic, inject custom made packets, crack wep and deauth wireless clients, decrypt wireless packets and reconstruct them on the fly in real time, and also supports a wide variety of packet capture types that you can import from other wireless applications for example .cap files from airodump or cain or airopeek or wireshark can be imported, packets reconstructed and a shitload of other options. you can also move netresident logs into commview and vice versa. anyways you can read the infos on it it will save me a lot of type.

heres a series of lopics from poor old joe and his iphone issues. i decided to be an ass and filtered his iphone off of his own wireless router then watched as he asked google fail questions to try and figure out what was wrong.

joes iphone

joes computer

andjoe asking for halp

[Grant]

Ok the reason I'm using Wireshark is because its free ( completely free , not trialware) , and it needs to be discrete since the victim will be using the same computer as me.

And about reading myspace logins in plain text , would you have a screenshot of this ( you can garble out the sensitive stuff ).

And again can wireshark run in the backround?

Edit: i just want to practice in a safe environment so until i learn this i dont want to get in any trouble

[DingleBerries]

keylogger would work much better in this situation, or a scam page since its a local attack.

[digip]

Is wireshark running on the same machine? I fnot, you need to do a MITM to capture the traffic of the other user. Or, if your on wireless, get BackTrack and fireup Wireshark in it while your network card is in monitor mode and you should be able to capture the password. So long as its not cookie authentication, and they actually have to type the email and password, you would be able to capture it with wireshark. If they login autmatically with a cookie, you would have to either replay the cookie, or session hijack using somehting like Hamster and Ferret.

[vector]

is this what you want to see? lol you thought i was lying about the passes being transmitted in plain text or what? :P

heres an example of emails getting pwt over pop3 also

and really im sure if you like an application youll find a way to get it at a huuge discount ;) but if youd rather dick around all day with different OS's, figuring out which drivers i need, how to use these clunky ugly limited applications then thats your choice, but i just thought i'd let you know that theres much better, and much easier to use solutions out there.

[Grant]

keylogger would work much better in this situation, or a scam page since its a local attack.

Yeah you're probably right , i did want to learn how to sniff packets though. I might try it out if you know of any free ones that can run discretely that aren't riddled with viruses. PM me if you do

Is wireshark running on the same machine? I fnot, you need to do a MITM to capture the traffic of the other user. Or, if your on wireless, get BackTrack and fireup Wireshark in it while your network card is in monitor mode and you should be able to capture the password. So long as its not cookie authentication, and they actually have to type the email and password, you would be able to capture it with wireshark. If they login autmatically with a cookie, you would have to either replay the cookie, or session hijack using somehting like Hamster and Ferret.

Yes , wireshark is running on the same machine. And yeah they have to type it out

is this what you want to see? lol you thought i was lying about the passes being transmitted in plain text or what? :P

heres an example of emails getting pwt over pop3 also

and really im sure if you like an application youll find a way to get it at a huuge discount ;) but if youd rather dick around all day with different OS's, figuring out which drivers i need, how to use these clunky ugly limited applications then thats your choice, but i just thought i'd let you know that theres much better, and much easier to use solutions out there.

No thats cool , its just that Netresident program is like $200-300!! Really expensive for something i may only use a few times. Pm me if you know of a way " around this " ;)

But this hack started out as a learning experience , now kinda turned into a small prank on my roommate. I'm going to be moving out this weekend and wanted to do something like what Vector said in his first post

jaja lol

[Grant]

still need some help on this guys

[digip]

Start googling. We have pretty much given you a start. If you capture the packet of someone typing in the name and pass for MySpace, Wireshark will show it, you just hsve to filter the results to get it. Most likely it will be in an HTTP POST event, but you can also search for strings like "login" or if you know their email address, search for it(CTRL+F, then select string and enter the word you want to find in wireshark)

[moonlit]

still need some help on this guys

We help you when you help yourself.

You're being vague and you're being lazy, do some of your own research or just don't bother.

[MBP]

/me to the rescue

"Find a tutorial on what you want and follow it"

case closed move on nothing to see here

[Supra Mike]

and i do mean fucking retarded its amazing what some people will type into the google search box, they talk to it as if theyre asking a person a question.

ROFLCAKES!!!

[g-ram]

i do mean fucking retarded its amazing what some people will type into the google search box, they talk to it as if theyre asking a person a question.

It's due to the death of ask jeeves I swear.