Stealing Passwords or Why Encrypted Connections Matter

Today I decided to steal my own password, or at least to see if I could do it. The theory was simple: sniff the network and find the packet. I’d never done this before, though. It's really rather simple. I used Wireshark, a simple, freely available network sniffer. The procedure was simple.

  • Start Wireshark and start capturing packets on the network.
  • Log in to a website that does not use https or other means of encrypting connections.
  • Stop the Wireshark capture.
  • Select Edit -> Find Packet … by String, enter the password, and search until you find it.

In my case the first hit was on the packet containing the login form; searching for Next let me see the packet on the return trip. Right there in clear text was my username and password for all the world to see.

What this means is that anyone, anywhere, between your browser and the web host can attach a network sniffer, look for passwords, and find them, along with the website you are logging into. The challenge in obtaining passwords this way is not the technology; it's the physical access, and the fact that companies do a pretty good job guarding their infrastructure.

The solution is to always use secure login pages that use https or another encrypted connection.

This is, of course, the beginning and end of my stint as a password grabber. I have better things to do. But it has convinced me of the importance of encryption and security for sure.