How to view HTTP usernames and passwords in Wireshark


Let's say there is a web page at http://www.example.com/account/login. Notice that this page uses the unencrypted HTTP protocol. We can follow these steps in Wireshark to capture the unencrypted packets:

  1. Start a capture in Wireshark.
  2. Navigate to http://www.example.com/account/login and sign in. In this example, username jeremy.canfield@example.com and password Super-secret-password are used.
  3. Stop the capture in Wireshark.
  4. Type HTTP into the Filter and select Apply.
  5. Highlight the POST /Account/Login packet.
  6. Expand HTML Form URL Encoded.
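
As an added example (not code from the original page), the Python below does what the HTML Form URL Encoded view shows for the POST in step 5: it decodes the form body of a cleartext request and reports password-like fields with their values masked, which is a quick way to audit for login forms still submitted over HTTP. The form field names `username` and `password` and the `SENSITIVE` name fragments are assumptions.

```python
from urllib.parse import parse_qsl

# Constructed sample: the POST from step 5 as it crosses the wire. The form
# field names "username" and "password" are assumptions.
_BODY = b"username=jeremy.canfield%40example.com&password=Super-secret-password"
SAMPLE_REQUEST = (
    b"POST /Account/Login HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY
)
SENSITIVE = ("pass", "pwd", "secret", "token")  # assumed name fragments


def parse_form_post(raw):
    """Return (path, headers, fields) for a urlencoded form POST, else None."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # no readable header block (e.g. a TLS record)
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if parts[0] != "POST" or ctype != "application/x-www-form-urlencoded":
        return None
    # parse_qsl undoes the percent-encoding, e.g. %40 becomes @
    fields = parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)
    return parts[1], headers, fields


def audit_cleartext_login(raw):
    """List password-like fields sent unencrypted; values are masked."""
    parsed = parse_form_post(raw)
    if parsed is None:
        return []
    path, headers, fields = parsed
    url = "http://" + headers.get("host", "?") + path
    return [{"url": url, "field": k, "value_length": len(v)}
            for k, v in fields if any(s in k.lower() for s in SENSITIVE)]


if __name__ == "__main__":
    print(audit_cleartext_login(SAMPLE_REQUEST))
```
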

 

Using the same example, if we instead sign in on the HTTPS page, https://www.example.com/signin, rather than at http://www.example.com/signin, and run Wireshark, we can see that the traffic is definitely encrypted, and we cannot see the username or password.


 

Note: If we have access to the private key, we can decrypt the SSL traffic.


