ets try this on a simple website. I will hide part of the website
name (just for the fact that they are nice people and I respect their
privacy.). For the sake of this guide, I will just show everything done
on a single machine. As for you, try it between two
VirtualBox/VMWare/Physical machines.
p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.
Application > Kali Linux > Top 10 Security Tools > Wireshark
In Wireshark go to Capture > Interface and tick the interface that applies to you. In my case, I am using a Wireless USB card, so I’ve selected wlan0.
Ideally you could just press Start button here and Wireshark will start capturing traffic. In case you missed this, you can always capture traffic by going back to Capture > Interface > Start
Usually you see a lot of data in Wireshark. However are are only interested on POST data.
To filter all traffic and locate POST data, type in the following in the filter section
http.request.method == “POST”
See screenshot below. It is showing 1 POST event.
p.s. Note that some routers doesn’t broadcast traffic, so it might fail for those particular ones.
Step 1: Start Wireshark and capture traffic
In Kali Linux you can start Wireshark by going toApplication > Kali Linux > Top 10 Security Tools > Wireshark
In Wireshark go to Capture > Interface and tick the interface that applies to you. In my case, I am using a Wireless USB card, so I’ve selected wlan0.
Ideally you could just press Start button here and Wireshark will start capturing traffic. In case you missed this, you can always capture traffic by going back to Capture > Interface > Start
Step 2: Filter captured traffic for POST data
At this point Wireshark is listening to all network traffic and capturing them. I opened a browser and signed in a website using my username and password. When the authentication process was complete and I was logged in, I went back and stopped the capture in Wireshark.Usually you see a lot of data in Wireshark. However are are only interested on POST data.
Why POST only?
Because when you type in your username, password and press the Login button, it generates a a POST method (in short – you’re sending data to the remote server).To filter all traffic and locate POST data, type in the following in the filter section
http.request.method == “POST”
See screenshot below. It is showing 1 POST event.