
Sniffing WordPress Logins Using Wireshark

Here is another simple tutorial about using Wireshark to find WordPress logins and passwords. This should be a warning to you about the dangers of logging into sites at public Wi-Fi spots. If you haven’t used Wireshark before, it is a tool that lets you view the packets of data streaming across a network you are connected to. Previously I wrote a post so you can learn to bypass Wifi paywalls for free.

This tutorial is meant to show you the dangers of logging into sites on public Wi-Fi, especially sites that don’t use HTTPS (such as, possibly, your own WordPress site).

1) Fire up Wireshark and select your interface, usually en0. Hit start and let it collect traffic.

Wireshark Opening Screen

2) Head to your blog (or any site that isn’t using HTTPS) and try logging in. After you’ve done this you can stop collecting data.

3) In the filter box type: frame contains DOMAIN. Example: frame contains newmanships.com

Filter: frame contains x

4) Right click on one of the entries that appears and click “Follow TCP Stream”.

Follow TCP Stream

5) The details of the packet will appear. Use the find button and search for pwd. You’ll see, in plaintext, the login and password used to log in to the site.

Login and Password in Plaintext

As you can see in this photo, the login is “letmein”, the password is “prettyplease” and the domain is newmanships.com. You can also see all kinds of other interesting information, such as what type of computer, operating system, and browser the person is using. This is a good reason to be careful when using any public Wi-Fi you happen to come across.
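A defender's version of step 5, as an added example that is not part of the original post: it scans the text of a followed TCP stream from your own capture for a form POST carrying a `pwd` field and reports the host, path and field names, never the values. The sample stream, the host `blog.example` and the function name are constructed for illustration; `log` and `pwd` are the field names the WordPress login form submits.

```python
from urllib.parse import parse_qs

# Constructed sample of a followed TCP stream (not a real capture):
# a WordPress login POST followed by an unrelated GET on the same connection.
_BODY = "log=alice&pwd=s3cret%21pw&wp-submit=Log+In"
SAMPLE_STREAM = (
    "POST /wp-login.php HTTP/1.1\r\n"
    "Host: blog.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(_BODY)}\r\n"
    "\r\n" + _BODY +
    "GET /style.css HTTP/1.1\r\nHost: blog.example\r\n\r\n"
)

def find_cleartext_logins(stream):
    """Return one finding per POST whose form body carries a `pwd` field.

    Values are never returned, only the host, path and field names.
    """
    findings, pos = [], 0
    while pos < len(stream):
        head_end = stream.find("\r\n\r\n", pos)
        if head_end == -1:
            break
        lines = stream[pos:head_end].split("\r\n")
        method, path, _ = (lines[0].split(" ", 2) + ["", ""])[:3]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        # Content-Length frames the body so the next request parses cleanly.
        length = headers.get("content-length", "0")
        length = int(length) if length.isdigit() else 0
        body_start = head_end + 4
        body = stream[body_start:body_start + length]
        pos = body_start + length
        fields = parse_qs(body, keep_blank_values=True)
        if method == "POST" and "pwd" in fields:
            findings.append({"host": headers.get("host", "?"),
                             "path": path, "fields": sorted(fields)})
    return findings

if __name__ == "__main__":
    for f in find_cleartext_logins(SAMPLE_STREAM):
        print("cleartext login POST:", f["host"], f["path"], f["fields"])
```

Any finding means the login form was submitted over plain HTTP; once the site serves its login page over HTTPS only, the same capture shows encrypted TLS records and the function returns nothing.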
