SSL and Login Boxes

If your website asks visitors to enter a username and password, you need to make sure that all traffic to that form uses HTTPS, in other words that all of the data is encrypted with a certificate.
Why? Well, take the login box for my website, which is shown below:
[Image: JAWS login box]
If you then use a program like Wireshark, which is an Ethernet packet sniffer, you will see the immediate issue shown below:
1. This is the raw packet capture data, which can be picked up by any network monitor or sniffer. It shows the flow of data from www.a6n.co.uk to the remote computer.

0       host_ip external_ip     TCP     4912 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460
0.00123 external_ip     host_ip TCP     http > 4912 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1402
0.001264        host_ip external_ip     TCP     4912 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
0.001301        host_ip external_ip     HTTP    POST /cms/admin.php HTTP/1.1  (application/x-www-form-urlencoded)
0.134971        external_ip     host_ip TCP     http > 4912 [ACK] Seq=1 Ack=742 Win=64794 Len=0
0.232414        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
0.232788        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
0.232813        host_ip external_ip     TCP     4912 > http [ACK] Seq=742 Ack=2805 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
0.234099        external_ip     host_ip HTTP    HTTP/1.1 200 OK  (text/html)
0.483833        host_ip external_ip     TCP     4912 > http [ACK] Seq=742 Ack=3699 Win=64641 [TCP CHECKSUM INCORRECT] Len=0
5.759593        external_ip     host_ip TCP     http > 4912 [FIN, ACK] Seq=3699 Ack=742 Win=64794 Len=0
5.75963 host_ip external_ip     TCP     4912 > http [ACK] Seq=742 Ack=3700 Win=64641 [TCP CHECKSUM INCORRECT] Len=0
 

2. Find the section where the data is going to be located, which in my case is in the TCP segment section.

0.232414        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
0.232788        external_ip     host_ip TCP     [TCP segment of a reassembled PDU]
 

3. Hidden in the bytes extracted from the packet capture is the following information:
input type="text" name=" username" id="username" value="Admin" title="Username"/>.

.Password: 
4. Log in using the remote credentials.
WARNING: Yes, this is my website, but no, I do not use (cuz that's stupid) Admin and Password, so do not try this, otherwise your IP will be blocked.
Username : Admin
Password : password
Polite Note: The TCP port 4192 is the dynamic remote Apache port that my server assigns to web traffic, so this means that the remote computer (you) has a source HTTP port of TCP:4192 and the destination port is always TCP:80... so no, you cannot hack TCP:4192, as this is dynamically opened and closed!