Sniffing, or how to recover passwords on your connection. Here's how hackers can recover your passwords when you are connected to a public Wi-Fi network or to a site that does not use the SSL protocol.
How to recover passwords over the Internet or locally?
Recovering passwords over the Internet or a local network is much easier than you might think.
We are going to tackle a rather sensitive subject. This tutorial covers both the Internet and the local network, so you will be able to recover passwords (your own, of course), because this kind of practice is illegal in some countries.
You will see why it is important to be really careful when you are connected to a public Wi-Fi network or to a website that doesn't use the SSL protocol, as using a VPN is not enough.
What is Network Sniffing?
Network sniffing consists of listening to network communications in order to retrieve and analyze the transmitted content.
This content can consist of very sensitive information when no encryption is used.
Among this sensitive information, we can find the content of an email conversation, cookies or even the famous passwords.
So how do you recover passwords?
Let's get to the heart of the matter: how can a password travelling over the network be found? How can a hacker steal a password from us using a simple network sniffer?
Warning: This article is not a user manual for finding a password that does not belong to you, but an overview of the mechanism that could be used against you, so that you can protect yourself, especially when you are on vacation. We go a bit further than the classic recommendations to see what happens in practice.
Example with Wireshark:
Wireshark is a network protocol analysis tool for network administrators.
Official site: Wireshark.
It is the tool I will use for today's demonstration.
Let's imagine that this example allows me to connect to my account on a forum, a blog or any other service requiring a login and password:
If I now start capturing network traffic with Wireshark and then log in with the login "admin" and the password "mdp", I immediately see a list of network packets including an HTTP packet. More precisely, I see the information sent by the POST method:
And as you can see, my login and password both appear here in clear text, in the middle part (txt=admin&pass=mdp&sub=Send).
The capture was made from my own network card, so I see only the traffic going to and from that card.
I could very well configure Wireshark to listen on my entire local network.
Of course, that requires the WEP or WPA key of the router if it is a Wi-Fi network, as well as the owner's authorization if the network is not mine.
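To check your own traffic for the exposure shown in the capture above, here is an added example (not part of the original article) that flags credential-like field names in a plaintext HTTP form POST without ever returning their values. The sample bytes, the host `forum.example`, the path `/login.php` and the hint list are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Field-name hints for credential-like parameters (assumption; tune per application).
SENSITIVE_HINTS = ("pass", "pwd", "login", "user", "token", "secret")

# Constructed sample: a plaintext HTTP POST carrying the form body from the article.
SAMPLE_HTTP_POST = (
    b"POST /login.php HTTP/1.1\r\n"
    b"Host: forum.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"txt=admin&pass=mdp&sub=Send"
)
# Constructed sample: a TLS application-data record header plus opaque bytes.
SAMPLE_TLS_RECORD = b"\x17\x03\x03\x00\x10" + bytes(16)


def exposed_credential_fields(payload: bytes) -> list[str]:
    """Return names (never values) of credential-like fields sent in cleartext.

    Anything that is not a plaintext form POST, including TLS records,
    yields an empty list."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return []
    lines = head.decode("latin-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or request_line[0] != "POST":
        return []
    # Collect headers case-insensitively so "content-type" always matches.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip().lower()
    if not headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [k for k, _ in fields if any(h in k.lower() for h in SENSITIVE_HINTS)]


if __name__ == "__main__":
    print("HTTP:", exposed_credential_fields(SAMPLE_HTTP_POST))
    print("TLS: ", exposed_credential_fields(SAMPLE_TLS_RECORD))
```

The login field `txt` is not flagged because its name gives no hint, so a name-based check like this is a first pass and any form POST seen over plain HTTP deserves a closer look.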
How to protect yourself against network sniffing?
You now have a better understanding of why it is often said that you should not go online in Internet cafes and on other public networks.
Not only do you not always know which programs are running on the computer you are using, but you can also fall victim to network sniffing.
In fact, the best protection against this type of attack is to use a secure communication protocol such as HTTPS.
See also: What is HTTPS?
Here is a screenshot of a connection interface similar to the previous screen, but this time using HTTPS:
The transmitted data (Encrypted Application Data) can no longer be seen in clear text and therefore a password can no longer be found without a decryption key.
As you can see, the best protection against network sniffing here is to use HTTPS.
What if the site is not on HTTPS?
You might ask, and that's an excellent question!
Well, you can also use a VPN service that will encrypt your traffic, even for sites that do not use HTTPS.
Or, for a simpler solution, you can use our free software: our Proxy Grabber, which retrieves a secure proxy server with SSL encryption.
All you have to do is add the retrieved proxy server to your web browser by entering its address and port, and you'll be ready to surf for free!
If you use a good proxy server or VPN server, the attacker will not be able to retrieve passwords on the current connection.