Jump to content

wireshark : sniff http with wireless card


carmelo42

Recommended Posts

Hello guys and girls :)

So I'm trying to sniff HTTP with wireshark :

- I have an ALFA 500 wireless card, connected to my pentest computer

- the alfa card is connected on my wifi network.

- I want to sniff HTTP that comes from my 2nd computer, which is on the same wireless network.

How can I do this ?

(it's workingvery well if my pentest computer is ethernet connected)

Link to comment
Share on other sites

Hello guys and girls :)

So I'm trying to sniff HTTP with wireshark :

- I have an ALFA 500 wireless card, connected to my pentest computer

- the alfa card is connected on my wifi network.

- I want to sniff HTTP that comes from my 2nd computer, which is on the same wireless network.

How can I do this ?

(it's workingvery well if my pentest computer is ethernet connected)

Is it an open WIFI network?

Link to comment
Share on other sites

If you MITM the target, regardless of wireless or wired, you should see all of its traffic and then just use HTTP as the display filter in wireshark to see only http traffic. If its OpenWifi, then put the card sniffing into monitor mode and you should be able to see its traffic if its not encrypted in any way. If in WEP or WPA, then you need to MITM the other node.

Link to comment
Share on other sites

Is it an open WIFI network?

Nope, it's WPA2 protected, but as it's mine, I'm in !

If you MITM the target, regardless of wireless or wired, you should see all of its traffic and then just use HTTP as the display filter in wireshark to see only http traffic. If its OpenWifi, then put the card sniffing into monitor mode and you should be able to see its traffic if its not encrypted in any way. If in WEP or WPA, then you need to MITM the other node.

What I don't understand : do I have to be connected on the wireless network BEFORE putting the card into monitor mode ? And in wireshark what interface do I have to listen ? wlan0 ? mon0 ?

Link to comment
Share on other sites

With WPA, its encrypted, so monitor mode won't see the traffic, so you need to do two things. You can use airomon-zc/ng to start the wireless card in monitor mode if you want, which will give you both a wlan0 and mon0, where the mon0 can be used to inject packets, to arp replays, etc, but if you are connected to the AP with wlan0, then you'll want to MITM the target and sniff the traffic on wlan0. mon0 is not going to be of much use if you already have access to the network, since the traffic is going to be encrypted via WPA, so a MITM of the node while you're connected to the same subnet with wireshark sniffing on the same nic connected to the AP (assuming wlan0) will get you the other nodes traffic. mon0 would be of more use for injection to capture the wpa handshake for later trying to crack the password or deauth clients, etc. In an open wifi network, mon0 would let you see any unencrypted traffic, but a MITM would always be better over the managed nic to capture all traffic of a node.

There are other sniffing tools to capture other things as well once on the network, like urlsnarf, things that capture plain text credentials, etc.

https://www.google.com/search?num=50&newwindow=1&q=linux+mitm&oq=linux+mitm&gs_l=serp.3..0l2j0i22i30l8.511797.517009.0.521212.10.10.0.0.0.0.159.950.8j2.10.0....0...1c.1.32.serp..0.10.948.KdtMr9HdSZU

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...