1 00:00:00,390 --> 00:00:07,890 Hi and welcome back in this video, I'm going to show you how you can sniff usernames, passwords and 2 00:00:07,890 --> 00:00:10,470 web pages using Wireshark. 3 00:00:10,800 --> 00:00:18,420 Also known as a network sniffer, monitors Ne4 is a tool that can help you locate network problems by 4 00:00:18,420 --> 00:00:22,620 allowing you to capture and view the packets on your network. 5 00:00:23,100 --> 00:00:30,270 Wireshark is available for free at Wireshark website, and you can download for Windows, Linux and 6 00:00:30,280 --> 00:00:31,770 other platforms. 7 00:00:32,370 --> 00:00:36,630 But for this tutorial, I will use Wireshark from my Windows machine. 8 00:00:37,290 --> 00:00:45,750 If you want to start Wireshark on Kali Linux, just open a terminal and type Wireshark and wait a few 9 00:00:45,750 --> 00:00:46,650 seconds. 10 00:00:47,280 --> 00:00:52,560 The protocols that will be analyzing are FTP and TCP. 11 00:00:52,950 --> 00:01:00,960 F2P stands for File Transfer Protocol and FTP for Hypertext Transfer Protocol. 12 00:01:01,590 --> 00:01:03,780 So let's get started. 13 00:01:04,290 --> 00:01:07,330 Wireshark is really easy to use, actually. 14 00:01:07,350 --> 00:01:13,020 All you have to do, first of all, is tell it which interfaces you want to capture. 15 00:01:13,530 --> 00:01:19,110 So I will go up here and click capture options and interfaces. 16 00:01:19,680 --> 00:01:24,180 And then I have to pick the correct interface, which I want to use. 17 00:01:24,540 --> 00:01:32,550 So I'm going to select and press start, and now I will start capturing traffic on that interface. 18 00:01:33,030 --> 00:01:33,900 Now, let's see. 19 00:01:33,900 --> 00:01:37,680 I want to connect one FTP server on the internet. 20 00:01:38,220 --> 00:01:44,340 So I will open up a file zilla connection to my way post and click Click Connect. 21 00:01:44,850 --> 00:01:53,360 Now it's connecting to my web host online, using my username and password, which is a FTP password. 22 00:01:53,370 --> 00:01:54,420 88. 23 00:01:55,080 --> 00:01:58,860 So I will stop the CAPTCHA and close my connection. 24 00:01:59,370 --> 00:02:02,040 And let's take a look at what we have. 25 00:02:02,700 --> 00:02:05,220 So here is the CAPTCHA package. 26 00:02:05,490 --> 00:02:14,220 As you can see, it's a ton of information, but FTP is the protocol I'm interested in and you can see 27 00:02:14,220 --> 00:02:22,340 right here user first web and then the password, which is FTP Password 88. 28 00:02:23,010 --> 00:02:28,380 If you follow the TCP IP stream, you can see the username and password. 29 00:02:29,220 --> 00:02:35,910 Now I'm going to show you how to obtain the username and password from an FTP site. 30 00:02:36,330 --> 00:02:41,400 So once again, click CAPTCHA interfaces and click Start. 31 00:02:41,880 --> 00:02:43,650 Then you want to go to the site. 32 00:02:43,650 --> 00:02:50,790 You are trying to steal the login information and type in the username and password. 33 00:02:51,270 --> 00:02:54,940 I will put in test user and password. 34 00:02:54,960 --> 00:02:56,250 Just let me in. 35 00:02:56,730 --> 00:03:00,870 Now I will switch back to Wireshark and stop the CAPTCHA. 36 00:03:01,530 --> 00:03:09,600 You also need to change the filter to HTP, request method equal, equal and in caps post. 37 00:03:10,050 --> 00:03:16,250 This is just going to make the packet easier to find when you locate the packet again. 38 00:03:16,260 --> 00:03:20,010 Use Left Click and select Follow TCP IP Stream. 39 00:03:20,670 --> 00:03:24,540 As you can see, here is the user login and the password. 40 00:03:25,380 --> 00:03:32,370 So since packet sniffing is so simple, it is important to know how to protect against the if you have 41 00:03:32,370 --> 00:03:40,560 to put any important information made sure the site uses a HTTPS, which is a secure protocol. 42 00:03:41,100 --> 00:03:42,720 So that's it for now. 43 00:03:43,080 --> 00:03:46,190 Thanks for watching, and I'll see you next time.