Playing with Wireshark
Cheesewaffle
Member Posts: 20 ■□□□□□□□□□
in Off-Topic
Hi Guys,
I have been playing with Wireshark recently.
I realised that facebook is HTTP not HTTPS, so I decided to do a test, whilst running Wireshark on my laptop I logged into facebook. However when I looked through the capture I could not see my username and password.
I was wondering why I couldnt see this, although I was using HTTP which is not encrypted. I could see things like the website name in the capture.
Cheers
I have been playing with Wireshark recently.
I realised that facebook is HTTP not HTTPS, so I decided to do a test, whilst running Wireshark on my laptop I logged into facebook. However when I looked through the capture I could not see my username and password.
I was wondering why I couldnt see this, although I was using HTTP which is not encrypted. I could see things like the website name in the capture.
Cheers
Comments
-
tiersten Member Posts: 4,505From the login page:
form method="POST" action="https://login.facebook.com/login.php?login_attempt=1" -
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■I honestly wish the whole web site was HTTPS.
On a side note, did you try capturing Facebook chat? I have been wondering if that was encrypted. Haven't tried. -
tiersten Member Posts: 4,505veritas_libertas wrote: »I honestly wish the whole web site was HTTPS.veritas_libertas wrote: »On a side note, did you try capturing Facebook chat? I have been wondering if that was encrypted. Haven't tried.
-
Cheesewaffle Member Posts: 20 ■□□□□□□□□□From the login page:
form method="POST" action="https://login.facebook.com/login.php?login_attempt=1"
When I do it it uses the get method, not post... hmmm -
tiersten Member Posts: 4,505Cheesewaffle wrote: »When I do it it uses the get method, not post... hmmm
-
tiersten Member Posts: 4,505Cheesewaffle wrote: »Its using HTTP and get for me... Any ideas?
-
Cheesewaffle Member Posts: 20 ■□□□□□□□□□I go to Welcome to Facebook | Facebook
Then I start up wireshark
I put in my username and password and the only piece of HTTP traffic I see is a Get request...
However I have just had a second look and I see a bit of TLS activity prior to he Get request, so maybe this is the password exchange? Confusing though as I didnt think HTTP used TLs. -
tiersten Member Posts: 4,505Cheesewaffle wrote: »However I have just had a second look and I see a bit of TLS activity prior to he Get request, so maybe this is the password exchange?
Examine the Wireshark **** more closely. You should see it opening a connection to login.facebook.com using HTTPS and it sending then receiving a small amount of data. It should then make new connections to other Facebook servers without encryption and start the process of loading up your logged in page.Cheesewaffle wrote: »Confusing though as I didnt think HTTP used TLs. -
Cheesewaffle Member Posts: 20 ■□□□□□□□□□Brilliant, Cheers.
After a closer inspection,
Wireshark never displayed HTTPS in the protocol field as such, it displays TLSv1 with a destination port of 443 Which is HTTPS.
I can sleep now, Thanks