1
00:00:00,590 --> 00:00:08,180
And then another thing in a policy is to identify how passwords are transmitted.

2
00:00:09,470 --> 00:00:14,930
So even by having a strong password, if it's not carried securely, it can be exposed.

3
00:00:16,020 --> 00:00:21,120
So while transmitting a password, the application should use encryption.

4
00:00:22,250 --> 00:00:25,100
And this is, of course, HTTPS.

5
00:00:26,580 --> 00:00:31,540
Not only passwords, but any other sensitive data such as payment information.

6
00:00:32,130 --> 00:00:37,110
So this brings us to yet another problem that we're going to cover in session management.

7
00:00:37,410 --> 00:00:43,620
HTTPS shouldn't only be used on login pages, but on the entire application.

8
00:00:45,480 --> 00:00:51,420
So go to Kali and open up your terminal, and we're going to capture network traffic to watch for credentials

9
00:00:51,420 --> 00:00:52,440
that are transmitted.

10
00:00:53,780 --> 00:00:59,420
So open up Wireshark by typing and then open up your browser.

11
00:01:00,470 --> 00:01:06,160
And I'm going to just get over here to the right side and go to the bWAPP login page.

12
00:01:07,310 --> 00:01:13,250
Now, before you log in to bWAPP, start capturing the traffic on your network interface, so in my

13
00:01:13,250 --> 00:01:19,430
case, it is eth1, so I'll choose it and start to capture by clicking this icon on the toolbar.

14
00:01:21,000 --> 00:01:26,190
And then go to the login page, enter the username and password, and click the login button.

15
00:01:27,870 --> 00:01:30,990
OK, so we logged in, so now let's go to Wireshark.

16
00:01:31,860 --> 00:01:39,420
Now, here's a place where you apply display filters on the captured traffic, so simply type http to

17
00:01:39,420 --> 00:01:41,100
view HTTP traffic.

18
00:01:41,760 --> 00:01:45,450
As you can see, the first line is the login request that we sent.

19
00:01:46,470 --> 00:01:51,580
Click it to choose, and below you can display details about this line.

20
00:01:52,500 --> 00:01:55,380
So under this node, there are HTTP related data.

21
00:01:57,100 --> 00:02:01,990
And under this node, you will see the form data that has been entered.

22
00:02:03,370 --> 00:02:10,410
And you can see it is in clear text, so anyone on the same network can sniff this data.

23
00:02:11,920 --> 00:02:15,910
You can also right-click on this line and follow the TCP stream.

24
00:02:16,960 --> 00:02:21,130
And then view the HTTP traffic data as we see it in Burp.

25
00:02:22,060 --> 00:02:24,610
OK, so now I'm going to close this window and stop capturing.

26
00:02:25,820 --> 00:02:34,370
Let's return to the browser again, this time go to an HTTPS web application, and I'll just open the

27
00:02:34,370 --> 00:02:35,360
Twitter login page.

28
00:02:37,070 --> 00:02:41,090
And I'll get a fresh capture.

29
00:02:43,110 --> 00:02:47,040
OK, so enter some login information here and log in.

30
00:02:48,810 --> 00:02:52,110
And you see Wireshark again is capturing the traffic.

31
00:02:53,770 --> 00:02:58,840
But this is not raw HTTP, it is encrypted traffic.

32
00:02:59,860 --> 00:03:03,310
So I'm going to filter SSL only traffic.

33
00:03:05,110 --> 00:03:08,650
And you can see the protocol, it is TLS version 1.2.

34
00:03:09,580 --> 00:03:11,650
So this means the data is encrypted.

35
00:03:13,060 --> 00:03:19,120
Choose any line and from the pane below, open the Secure Sockets Layer node.

36
00:03:19,970 --> 00:03:23,930
And here is the encrypted application data sent over the network.

37
00:03:24,860 --> 00:03:31,790
So if you follow the TCP stream, you won't see anything, so obviously the point here is as a pen tester,

38
00:03:31,790 --> 00:03:36,560
we need to check if the application data is sent over a secure channel or not.

39
00:03:37,160 --> 00:03:37,670
All right.

40
00:03:37,940 --> 00:03:43,040
So now we need to report, and we can benefit from this finding as well.