Playing with Wireshark
Cheesewaffle
Member Posts: 20 ■□□□□□□□□□
in Off-Topic
Hi Guys,
I have been playing with Wireshark recently.
I realised that facebook is HTTP not HTTPS, so I decided to do a test, whilst running Wireshark on my laptop I logged into facebook. However when I looked through the capture I could not see my username and password.
I was wondering why I couldnt see this, although I was using HTTP which is not encrypted. I could see things like the website name in the capture.
Cheers
I have been playing with Wireshark recently.
I realised that facebook is HTTP not HTTPS, so I decided to do a test, whilst running Wireshark on my laptop I logged into facebook. However when I looked through the capture I could not see my username and password.
I was wondering why I couldnt see this, although I was using HTTP which is not encrypted. I could see things like the website name in the capture.
Cheers
Comments
-
tiersten
Member Posts: 4,505
From the login page:
form method="POST" action="https://login.facebook.com/login.php?login_attempt=1" -
veritas_libertas
Member Posts: 5,746 ■■■■■■■■■■
I honestly wish the whole web site was HTTPS.
On a side note, did you try capturing Facebook chat? I have been wondering if that was encrypted. Haven't tried. -
tiersten
Member Posts: 4,505
Would be nice. Same reason as to why gmail until recently didn't default to SSL encrypted connections though. Its easier on their servers.veritas_libertas wrote: »I honestly wish the whole web site was HTTPS.
Nopeveritas_libertas wrote: »On a side note, did you try capturing Facebook chat? I have been wondering if that was encrypted. Haven't tried. -
Cheesewaffle
Member Posts: 20 ■□□□□□□□□□
From the login page:
form method="POST" action="https://login.facebook.com/login.php?login_attempt=1"
When I do it it uses the get method, not post... hmmm -
tiersten
Member Posts: 4,505
It would be unusual and insecure to have a login system that uses HTTP GET. You'll have to look at the logs to see what its doing. It uses HTTPS POST to that login server when I look at the Facebook main page.Cheesewaffle wrote: »When I do it it uses the get method, not post... hmmm -
tiersten
Member Posts: 4,505
The login page or the actual form submission? It does a HTTPS POST when I look at it in my browser and in Google's cache of the facebook.com main page.Cheesewaffle wrote: »Its using HTTP and get for me... Any ideas? -
Cheesewaffle
Member Posts: 20 ■□□□□□□□□□
I go to Welcome to Facebook | Facebook
Then I start up wireshark
I put in my username and password and the only piece of HTTP traffic I see is a Get request...
However I have just had a second look and I see a bit of TLS activity prior to he Get request, so maybe this is the password exchange? Confusing though as I didnt think HTTP used TLs. -
tiersten
Member Posts: 4,505
The GET request you see is your browser loading the logged in page of Facebook or the redirection page that bounces you to the logged in page. The encrypted part is the POST form submission of your username and password to the Facebook login server.Cheesewaffle wrote: »However I have just had a second look and I see a bit of TLS activity prior to he Get request, so maybe this is the password exchange?
Examine the Wireshark **** more closely. You should see it opening a connection to login.facebook.com using HTTPS and it sending then receiving a small amount of data. It should then make new connections to other Facebook servers without encryption and start the process of loading up your logged in page.
It doesn't.Cheesewaffle wrote: »Confusing though as I didnt think HTTP used TLs. -
Cheesewaffle
Member Posts: 20 ■□□□□□□□□□
Brilliant, Cheers.
After a closer inspection,
Wireshark never displayed HTTPS in the protocol field as such, it displays TLSv1 with a destination port of 443
Which is HTTPS.
I can sleep now, Thanks