Intercepting HTTP logins with Wireshark

Capturing and analyzing HTTP POST traffic containing unencrypted credentials.

[Figure: Wireshark HTTP POST credential capture. A captured POST request over HTTP showing clear-text credentials.]

In this project, I used Wireshark to capture traffic from my browser and identified login credentials being transmitted in clear text over an insecure HTTP connection.


How It Was Done

  1. Started a Wireshark capture on Wi-Fi.
  2. Visited http://neverssl.com to trigger unencrypted HTTP traffic.
  3. Used the filter http.request.method == "POST" to isolate form submissions.
  4. Located the POST request containing form data in plain text.

Observations Made:

The captured packet showed:

  • POST /login in the Info column
  • HTTP headers and form fields visible
  • username=C3A43231426 and pass=HMAC%7Bnj5jy6wzgykyj4e7e6swjag9gge%3D%7D included in the body

Anyone on the same network with a packet capture running could read those credentials directly off the wire. No exploit, no tools beyond Wireshark, no decryption required.
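The same observation as an audit check, added here as an example and not part of the original capture workflow: it takes the raw bytes of an HTTP request from your own capture and reports which secret-bearing form fields crossed the wire in clear text, without printing their values. The sample request is constructed from the fields shown above; the host `example.test`, the `SENSITIVE` list and the function name are assumptions.

```python
from urllib.parse import parse_qsl

# Field-name fragments treated as secrets (assumption; extend for your own apps).
SENSITIVE = ("pass", "pwd", "secret", "token")

# Constructed sample request. Host is a placeholder; the two body fields are the
# ones shown in the capture, joined with "&" as a form submission would send them.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 66\r\n"
    b"\r\n"
    b"username=C3A43231426&pass=HMAC%7Bnj5jy6wzgykyj4e7e6swjag9gge%3D%7D"
)


def audit_cleartext_post(raw):
    """Return a redacted finding for a form POST that carries secret fields, else None."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # no header/body boundary: not a complete request
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or request_line[0] != "POST":
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").lower()
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return None
    # parse_qsl undoes percent-encoding: %7B, %3D and %7D are transport escaping,
    # not protection, so the decoded value is exactly what the form submitted.
    fields = parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)
    exposed = {k: len(v) for k, v in fields
               if any(s in k.lower() for s in SENSITIVE)}
    if not exposed:
        return None
    # Report field names and decoded lengths only, never the values themselves.
    return {"host": headers.get("host", ""), "path": request_line[1],
            "exposed": exposed}


if __name__ == "__main__":
    print(audit_cleartext_post(SAMPLE_REQUEST))
```

A finding here means the form needs to move to HTTPS; the percent-encoded `pass` value decodes with a single standard-library call, so the encoding adds no confidentiality.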


The point

Plain HTTP forms are a solved problem. The reason this still matters as an exercise is that the demonstration is faster than the explanation. Read the capture, see the password in cleartext, and the case for HTTPS everywhere makes itself.

On public Wi-Fi, behind captive portals, anywhere a network is shared with strangers, the threat is exactly this: a passive listener with a default Wireshark filter. HTTPS is what closes the gap. There is no other defence at the protocol level.

This post is licensed under CC BY 4.0 by the author.