Tuesday, June 8, 2010

Hands-On Project 4-1 (Page 148)



Objective, verbatim:

“A protocol analyzer (also called a sniffer) captures packets to decode and analyze its contents. In this project, you download and install the Wireshark protocol analyzer.” (Ciampa, 2009)

Process:

1. First, I opened up Mozilla Firefox and pointed the browser to www.wireshark.org and downloaded the installer.


2. After the download completed, I ran the installer and launched the program.


3. I then clicked Capture and then Interfaces. I selected ‘Microsoft’, the only interface showing any packet activity.


4. To generate some activity of my own, I opened up the Command Prompt, typed in “ftp server1” and ran the request.


5. Next, I went to www.bluehost.com/cgi-bin/uftp/ and entered the login credentials (Login: Gerald, Password: happy). I received a login failed message.


6. Returning to Wireshark, I ran a search for the string “Gerald”, to no avail. I ran a few more searches with variants of the word like “Ger” and “ald”. In desperation, I ran searches looking for “happy” and some variants. After a few attempts, I realized that Wireshark might have started to encrypt the login details sent to the server.


7. Giving up on Bluehost, I proceeded to start up my own existing server on the local network. I wrote a quick HTML form that accepts two fields, Username and Password, and sends them to a .asp page on the server to authenticate. Typing in the same credentials as above, I sent the request to log in as Gerald (of course returning a failed login as well; I hadn’t added it to my list of allowed users).


8. Returning to Wireshark, I ran a search for the same string (“Gerald”) and this time I got a hit right away. I right-clicked on the packet, selected ‘Follow TCP Stream’ and ran a ‘Find’ for the string “Gerald” in the window that came up. I could easily find the password, as the credentials were sent to the server in very easily read plain text (Login=Gerald&Password=happy).



Reflection:

From this project, one can easily see how login credentials sent using a simple HTML form, or code that provides no obfuscation at all to the data sent to the server, can be stolen by simply examining the packet bytes. This simple packet sniffing technique can be easily circumvented by scrambling the text input before sending it out in clear text.

However, simply writing a simple algorithm to do that directly into the page code (with PHP) might hinder an attacker merely for a brief moment. Examination of the page source might reveal how the data is encrypted and the attacker might reconstruct the original credential details by reverse engineering the algorithm.
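As an added example (not part of the original post), here is a small Python check a defender could run over a captured HTTP request like the one seen in step 8, flagging credential fields that are readable on the wire; it also shows why the client-side scrambling discussed above is reversible. The request text, the server path and the base64 "scrambling" are constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs

# Constructed sample: roughly what "Follow TCP Stream" shows for the lab's
# form submission when it is sent as a plain HTTP POST (no TLS).
CAPTURED_STREAM = (
    "POST /login.asp HTTP/1.1\r\n"
    "Host: server1\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 27\r\n"
    "\r\n"
    "Login=Gerald&Password=happy"
)

# Form field names a defender would treat as credential-bearing.
CREDENTIAL_FIELDS = re.compile(r"^(login|user(name)?|pass(word|wd)?|pwd)$", re.I)


def parse_http_request(stream: str):
    """Split a raw HTTP request into (request line, headers dict, body)."""
    head, _, body = stream.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def find_plaintext_credentials(stream: str) -> dict:
    """Return {field: value} for credential-like form fields readable in the stream.

    Only form-encoded bodies are inspected. A request carried over HTTPS never
    reaches a sniffer as readable text, which is why TLS, not obfuscation, is
    the fix.
    """
    _, headers, body = parse_http_request(stream)
    if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
        return {}
    return {field: values[0] for field, values in parse_qs(body).items()
            if CREDENTIAL_FIELDS.match(field)}


def unscramble_base64_field(value: str) -> str:
    """Undo a client-side 'scrambling' that merely base64-encodes the value.

    Any transform visible in the page source can be applied in reverse by
    whoever reads the capture, so it adds no real protection.
    """
    return base64.b64decode(value).decode()
```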

This project also teaches me the importance of making sure a web page is secure before performing important tasks like online banking or shopping. This can be done by establishing a connection to the web site with https:// and Secure Sockets Layer (SSL).

Sine Cera,
Jeremy Heng

"Quis custodiet ipsos custodes?"



Hands-On Project 4.1 Sources
