Intercepting Network Traffic with Wireshark on Linux

Roshan
4 min read · Mar 18, 2024

Wireshark is a powerful network analysis tool that lets you capture and analyze network traffic in real time. Here’s how to use Wireshark on Linux to intercept network traffic:

Step 1: Install Wireshark

If Wireshark is not already installed on your Linux system, you can install it using your distribution’s package manager. For example, on Debian-based systems like Ubuntu, you can use the following command:

sudo apt-get install wireshark

Step 2: Launch Wireshark

Open a terminal window on your Linux system and type wireshark. This will launch the Wireshark application.

Step 3: Choose Network Interface

Upon launching Wireshark, you’ll be prompted to select a network interface to capture traffic. Choose the appropriate interface that connects to the network you want to monitor. For example, if you’re connected via Ethernet, select the Ethernet interface.

Step 4: Start Capturing Traffic

After selecting the network interface, click on the “Start” button or press Ctrl + E to begin capturing traffic. Wireshark will start capturing packets on the selected interface.

Step 5: Open Your Browser and Log In

Open your browser (Mozilla Firefox) and go to http://test.php.vulnweb.com/, then log in with fake credentials.

Step 6: Analyze Traffic

As packets are captured, Wireshark displays them in real time in the main window. Look through the captured packets for interesting traffic, such as HTTP requests or other protocols commonly used to transmit credentials.

Step 7: Filter Traffic (Optional)

If you’re only interested in specific types of traffic, you can apply filters to narrow down the displayed packets. Use Wireshark’s display filter bar to enter filter expressions, such as filtering by protocol or IP address.

Step 8: View the POST Packet

· Look for the packet whose Info column starts with POST /userinfo.php.

· Select that packet and inspect its details in the packet details pane.

· Expand the HTML Form URL Encoded section.

· The username and password entered on the site are visible there in plain text.
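What Wireshark shows in the “HTML Form URL Encoded” section is nothing more than the decoded TCP payload of the POST. The following added example (not code from the original post) builds a constructed capture file containing one cleartext login request and then scans it the way a defender would, flagging credential-like form fields that were sent without TLS. The field names username/password, the IP addresses and the MAC addresses are assumptions made for the example; only the path /userinfo.php and the values john/34567 come from the post.

```python
"""Scan a pcap for credentials submitted over cleartext HTTP (stdlib only)."""
import socket
import struct
from urllib.parse import parse_qs

# Constructed sample request: the form field names, addresses and MACs
# below are assumptions for this example, not values taken from the post.
SAMPLE_BODY = "username=john&password=34567"
SAMPLE_HTTP = (
    "POST /userinfo.php HTTP/1.1\r\n"
    "Host: test.php.vulnweb.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(SAMPLE_BODY)}\r\n\r\n" + SAMPLE_BODY
).encode()

# Substrings that mark a form field as credential-like.
CREDENTIAL_KEYS = ("user", "uname", "login", "pass", "pwd", "secret", "token")


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, as in RFC 791."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return ~total & 0xFFFF


def build_frame(payload: bytes, src="192.0.2.10", dst="192.0.2.20", dport=80) -> bytes:
    """Wrap payload in Ethernet/IPv4/TCP headers (TCP checksum left 0; Wireshark only flags it)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp


def build_pcap(frames) -> bytes:
    """Serialize frames as a classic little-endian pcap (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1710720000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(data: bytes):
    """Yield each captured frame from pcap bytes (handles both byte orders)."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame: bytes):
    """Return the TCP payload of an Ethernet/IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_len = struct.unpack("!H", frame[16:18])[0]
    tcp_start = 14 + ihl
    data_off = (frame[tcp_start + 12] >> 4) * 4
    return frame[tcp_start + data_off:14 + ip_len]


def find_plaintext_credentials(pcap: bytes):
    """List credential-like form fields found in HTTP POST bodies sent without TLS."""
    hits = []
    for frame in iter_pcap(pcap):
        payload = tcp_payload(frame)
        if not payload or not payload.startswith(b"POST "):
            continue
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.decode("latin-1").split("\r\n")
        is_form = any(line.lower().startswith("content-type:") and "x-www-form-urlencoded" in line.lower()
                      for line in lines[1:])
        if not is_form:
            continue
        for field, values in parse_qs(body.decode("latin-1")).items():
            if any(marker in field.lower() for marker in CREDENTIAL_KEYS):
                hits.append({"request": lines[0], "field": field, "value": values[0]})
    return hits


if __name__ == "__main__":
    pcap = build_pcap([build_frame(SAMPLE_HTTP)])
    with open("sample_login.pcap", "wb") as f:  # open this file in Wireshark to follow Step 8
        f.write(pcap)
    for hit in find_plaintext_credentials(pcap):
        print(f"{hit['request']}: {hit['field']} = {hit['value']}")
```

Running the script writes sample_login.pcap; opening that file in Wireshark with the display filter http.request.method == "POST" lands on the same packet, and expanding its HTML Form URL Encoded section shows the two fields the scanner reports. The same scan run against a real capture is a quick way to confirm whether any application on the network still sends logins over plain HTTP.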

Step 9: Save Captured Traffic (Optional)

If you want to save the captured traffic for further analysis or reference, you can save it as a file using Wireshark’s “File” menu.

Step 10: Exit Wireshark

When you’re done capturing and analyzing traffic, you can exit Wireshark by closing the application window or pressing Ctrl + C in the terminal window.

MITIGATION:

· Encrypt sensitive data transmitted over the network using encryption protocols such as TLS/SSL

· Ensure that sensitive information, such as credentials, is transmitted using secure protocols like HTTPS, SSH, or SFTP

· Segment the network into separate zones with strict access controls to limit the exposure of sensitive information.

· Educate employees about the risks associated with intercepting network traffic and stealing credentials.

· Keep network infrastructure, systems, and applications up to date with the latest security patches and updates.

QUESTION:

Find the credentials that were transferred through the network.

ANSWER:

USERNAME: john

PASSWORD: 34567
