1 00:00:00,330 --> 00:00:02,900 OK, so I'll start another capture here
2 00:00:04,019 --> 00:00:11,280 and then what I'll do on this web client is open up a browser to the toolbox server, so
3 00:00:12,400 --> 00:00:17,400 browse to the IP address of the server you can see here, it says Network is toolkit.
4 00:00:17,860 --> 00:00:23,080 We can see information about Web server, FTP, TFTP, DHCP, syslog.
5 00:00:23,710 --> 00:00:26,910 So various services are running on the server.
6 00:00:27,880 --> 00:00:37,270 What we can do, however, is go to Wireshark and filter for HTTP and notice here we can see the protocol.
7 00:00:38,620 --> 00:00:42,350 We can see as an example which browser was used, it's Mozilla five.
8 00:00:42,370 --> 00:00:43,650 In other words, it's Firefox.
9 00:00:44,500 --> 00:00:50,940 We can see that the server sent information back to the client. Server's using NGINX.
10 00:00:51,010 --> 00:00:53,770 It's an Ubuntu server we can see.
11 00:00:55,220 --> 00:01:01,640 Information about the server data that was sent to the clients, a notice network is toolkit.
12 00:01:02,690 --> 00:01:04,000 That's what we see over here.
13 00:01:05,260 --> 00:01:06,190 We can see
14 00:01:07,850 --> 00:01:13,190 other information notice files located at and if I go to the right here
15 00:01:14,170 --> 00:01:18,590 you can get to root after logging in and notice that's exactly what you see here.
16 00:01:19,390 --> 00:01:24,730 So I've been able to capture what the user is viewing on HTTP server.
17 00:01:25,180 --> 00:01:27,630 HTTP server is located over here.
18 00:01:27,970 --> 00:01:34,740 So let's see if we can edit the HTTP server located in /var/www/html.
19 00:01:35,080 --> 00:01:45,440 So on the server, cd var, cd www, cd html. Notice we've got the png file here and we've got index.
20 00:01:45,460 --> 00:01:48,130 HTML. If I edit that
21 00:01:49,480 --> 00:01:53,410 and add something to the text here.
22 00:01:54,440 --> 00:01:58,940 So what I'll do is add some HTML here
23 00:02:01,700 --> 00:02:07,400 and say this is a strong password in clear text.
24 00:02:08,419 --> 00:02:12,950 Cisco, something like that, and then I'll save that file.
25 00:02:13,990 --> 00:02:21,070 When I refresh that on the client, notice, we can see that text, but again, that's a really bad
26 00:02:21,070 --> 00:02:24,100 idea because this is in clear text.
27 00:02:25,710 --> 00:02:26,280 So
28 00:02:28,520 --> 00:02:35,840 we can see that in Wireshark, HTTP is in clear text, everything that you're watching can be sniffed and
29 00:02:35,840 --> 00:02:38,330 can be read, including pictures.
30 00:02:38,810 --> 00:02:44,810 So notice here we're getting a file from the server, in HTTP, GET means
31 00:02:44,810 --> 00:02:46,040 send me that information.
32 00:02:46,850 --> 00:02:51,950 Notice here as an example, the client is doing a GET for GNS3.png.
33 00:02:52,640 --> 00:02:54,470 In other words, it's trying to get the image.
34 00:02:55,130 --> 00:02:57,230 The image is this image over here.
35 00:02:58,180 --> 00:03:02,200 We could see as an example that that's the image hosted on the server.
36 00:03:03,140 --> 00:03:06,320 So can we actually view that image?
37 00:03:08,360 --> 00:03:16,370 Images sent from the server to the client over here, so png file or portable network graphics file is sent
38 00:03:16,370 --> 00:03:19,310 to the client. What we'll do is
39 00:03:20,890 --> 00:03:22,240 export packet bytes
40 00:03:23,290 --> 00:03:26,710 and I'm going to save this as a Wireshark capture.
41 00:03:32,250 --> 00:03:35,000 I'll change that name to PNG
42 00:03:37,340 --> 00:03:43,940 because I know it's a PNG file and then what I'll do is double click on that and notice that's the image
43 00:03:43,940 --> 00:03:45,180 that I've saved.
44 00:03:45,950 --> 00:03:52,490 So once again, I selected portable network graphics, notice, a graphics file, click export packet
45 00:03:52,490 --> 00:03:52,940 bytes.
46 00:03:53,850 --> 00:03:56,130 I'll give it a name such as Wireshark
47 00:03:57,820 --> 00:04:02,350 capture 2 and click save
48 00:04:03,650 --> 00:04:09,260 and then all I'm going to simply do is rename it as PNG, I know it's a PNG file
49 00:04:11,690 --> 00:04:12,840 and double click on it
50 00:04:12,860 --> 00:04:14,740 and there you go, there's my image.
51 00:04:15,690 --> 00:04:25,500 So it was as simple as that as an example to capture information in HTTP, such as this clear text information
52 00:04:26,220 --> 00:04:28,270 and PNG information.
53 00:04:28,710 --> 00:04:32,360 Now, if the server was authenticating, the same thing would apply.
54 00:04:32,610 --> 00:04:37,100 I'd be able to capture the username and password of the network.
55 00:04:37,740 --> 00:04:40,520 Be careful using clear text protocols.
56 00:04:40,980 --> 00:04:47,700 Be careful using protocols such as Telnet, FTP, TFTP, and HTTP; they're in clear text.
57 00:04:48,120 --> 00:04:55,170 Anyone using Wireshark or a hacking application such as Kali Linux will be able to capture those passwords,
58 00:04:55,560 --> 00:04:58,050 be able to read everything that you're sending on the network.