
Technical question about using Wireshark to capture the username and password of an HTTP website

Hey there! Since your friend set up an intentionally insecure HTTP site for your learning, this is a perfect hands-on way to see how unencrypted web traffic exposes sensitive data. Let's break down exactly how to capture the username and password with Wireshark:

Step-by-Step Capture Guide

1. Get Your Network Ready

  • Ensure you’re connected to the same local network as the test website—Wireshark can only capture traffic that flows through your machine’s network interface, so this is a must.
  • Close any extra apps (like streaming services or chat clients) to minimize background traffic—this makes it way easier to spot the login packets later.

2. Launch Wireshark and Start Capturing

  • Open Wireshark, then select the network interface you’re using to access the site (e.g., your Wi-Fi adapter or Ethernet port—look for the one with active traffic).
  • Hit the blue shark fin icon to start the capture.

3. Filter to Isolate HTTP Traffic

  • Use Wireshark’s display filter bar to narrow down the noise. Type http and press enter—this will only show you HTTP-related packets.
  • If you know the test server’s IP address, you can tighten this even more with http and ip.addr == [SERVER_IP] (replace [SERVER_IP] with the actual IP of your friend’s site).

4. Submit a Login on the Test Site

  • Go to the test website, enter a test username and password, and submit the login form. You can do this a couple times to make sure the traffic is captured.

5. Locate the Login Credentials in Wireshark

  • Look through the captured packets for an HTTP POST request (most login forms use POST, but if yours uses GET, you’ll see that instead).
  • Click on that POST/GET request to expand its details in the lower pane.
  • Navigate to the Hypertext Transfer Protocol section, then look for Form Data or Request Body—here’s where you’ll see the username and password in plaintext, since there’s no encryption with HTTP.

Key Learning Takeaway

This works solely because the site uses unencrypted HTTP. If it were using HTTPS (the secure version), all this data would be encrypted, and you wouldn’t be able to read the credentials even if you captured the packets. This is exactly why real-world sites use HTTPS by default!

The question in this content comes from Stack Exchange; question author: conroyma5
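The takeaway above, turned into a check you can run on your own test traffic (an added example, not part of the original answer): it reports which credential-like form fields are readable in a reassembled TCP payload and never returns their values. The field-name list, the host `test.example` and all sample payloads are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Field names treated as sensitive (assumption; extend for your own forms).
SENSITIVE = {"password", "passwd", "pwd", "pass", "username", "user", "login", "email"}

def audit_http_payload(payload: bytes) -> list[str]:
    """Return sensitive form field names readable in a reassembled TCP payload.

    Values are never returned: the finding is that they are exposed at all.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return []  # no header/body boundary, e.g. an encrypted TLS record
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return []  # not an HTTP request line
    method, target = parts[0].decode("latin-1"), parts[1].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    # GET logins expose fields in the URL query string.
    fields = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # POST logins expose them in a form-urlencoded body.
    ctype = headers.get("content-type", "")
    if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return sorted({k for k, _ in fields if k.lower() in SENSITIVE})

# Constructed samples: a POST login, a GET login, and an opaque TLS record.
HTTP_POST = (b"POST /login HTTP/1.1\r\nHost: test.example\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n"
             b"Content-Length: 36\r\n\r\n"
             b"username=alice&password=example-only")
HTTP_GET = b"GET /login?user=alice&pwd=example-only HTTP/1.1\r\nHost: test.example\r\n\r\n"
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))

if __name__ == "__main__":
    for label, data in [("POST", HTTP_POST), ("GET", HTTP_GET), ("TLS", TLS_RECORD)]:
        found = audit_http_payload(data)
        print(label, "exposed fields:", found if found else "none readable")
```
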
