In this post, I will take you a little more deeper and introduce to the process of grabbing Cookies and Passwords using WireShark. As already known, WireShark is a Network Packet Analyzing tool which can be used to grab and analyze the various network packets passing through the Network Interface. This even includes Cookies and Passwords passing through the network interface card.In short, As HTTP is a stateless protocol, Cookies are one of the ways used to maintain browser state. Once a Cookie has been set on a domain and a specific path, it is echoed back in every subsequent request to the domain and path combination.
1.) Start WireShark and set a filter for HTTP results.
2.) In order to set a cookie, Navigate to http://httprecipes.com/1/2/cookies.php and click on the link “Set Cookie”. You will be asked to enter a value to the cookie. Enter “pinoysecurity” (without quotes) and press Set. This will set the cookie test-cookie with a value “pinoysecurity”.
3.) In WireShark, select the appropriate row with data to and from domain httprecipes.com. Lookout for Set-Cookie in HyperText Transmission Protocol.
4.) Passwords, passed as cleartext can also be grabbed easily using WireShark.