This article is published for educational purposes only, to help rectify the weaknesses in HTTP security by showing how easily HTTP logins can be captured using simple software.

 

Retrieving the username and password of a user without their permission is called sniffing. It is a type of hacking that works against poorly secured devices and does not require a high level of computer knowledge. We are using our own local network to demonstrate sniffing.

 

HTTPS cannot be cracked through this method; only HTTP-based sites and servers can be sniffed.

 

Pre-requisites

 

– Computer with admin account.

– Connected to the network you are trying to sniff.

– Cain and Abel software.

– Little common sense.

 

Procedure

 

First of all you need to install the software Cain and Abel on your computer and run it as administrator.

While starting up, if it gives a warning that the firewall is turned on, simply click on “OK”.

 

1. Click on “Sniffer” highlighted in image below.

 


2. Click on “Configure” circled in the image.

 


3. Select your network card. You can easily identify a working network card by checking whether it has an IP address or not. A working network card will have an IP address and subnet mask. Then click on “OK”.

 


4. (a) First activate sniffer mode by simply clicking on the green object.

(b) Then click on the blue plus sign.

 


5. Simply click on “OK”. It will scan all the active devices connected to the network.

 


6. Click on “APR” highlighted in image.

 


7. Click on the blank space and then once again on the blue plus sign.

 


8. Select the modem or the server and then the user you want to sniff. You can select multiple users at a time and sniff their usernames and passwords.

 


9. Click on the yellow icon to start the APR. After clicking, the software will start poisoning the victim.

 


10. You need to wait for the user to log in. Once the victim logs in, you can find the username and password. Click on “Passwords” highlighted in the image.

 


11. Click on HTTP and you will be able to see the passwords the software caught.

 
