Wireshark - View HTTP usernames and passwords

by
Jeremy Canfield |
Updated: March 09 2020
| Wireshark articles
Lets say there is a Web page http://www.example.com/account/login. Notice this page is using the unencrypted HTTP protocol. We can follow these steps in Wireshark to capture the unencrypted packets:
- Start a capture in Wireshark.
- Navigate to http://www.example.com/account/login and sign in. In this example, username jeremy.canfield@example.com and password Super-secret-password are used.
- Stop the catpure in Wireshark.
- Type HTTP into the Filter and select Apply.
- Highlight the POST /Account/Login packet.
- Expand HTML Form URL Encoded.
Using the same example, instead of signing in at http://www.example.com/signin, if we signed in the HTTPS page, https://www.example.com/signin, and run Wireshark, we can see the traffic is definitely encrypted, and we can not see the username or password.
Note: If we have access to the private key, we can decrypt the SSL traffic.
Did you find this article helpful?
If so, consider buying me a coffee over at