Clear Text Transmission Of Sensitive Data - Everything Is Visible

Jerry Shah (Jerry)
4 min readMay 17, 2020


Summary :

Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer.

Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface on the path. This significantly lowers the difficulty of exploitation.

Many of us have seen HTTP and HTTPS in websites, but very few are aware of the difference between them. Many people who build their own websites treat the question casually: do they really need HTTPS, or is HTTP okay? My answer is that if the website is static, e.g. no logins, no transactions, no saving of data, then it does not need HTTPS; but if any of these things are present on the website, it should use HTTPS.

Difference Between HTTP and HTTPS

HTTP : Hypertext Transfer Protocol (HTTP) is an application-layer protocol for transmitting hypermedia documents, such as HTML. It was designed for communication between web browsers and web servers.

It does not maintain the integrity of the data being transferred: the data can easily be tampered with by any attacker on the network. The data is transmitted in human-readable form, which means any intruder can clearly see what the data is.

HTTPS : HTTPS protects the integrity of your website. It helps prevent intruders from tampering with the communications between your website and your users' browsers. Intruders exploit every unprotected resource that travels between your website and your users.

Difference between HTTP & HTTPS

In HTTPS, the S stands for Secure Sockets Layer (SSL). Secure Sockets Layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL uses a cryptographic system with two keys to encrypt data: a public key known to everyone and a private or secret key known only to the recipient of the message.

Secure Sockets Layer

How to find this vulnerability ?

1. Your target website is using HTTP on the login panel

Login Panel without HTTPS

2. Start WireShark for intercepting traffic

WireShark

Here I have selected Wi-Fi because my PC is connected to Wi-Fi

3. Start packet capturing in WireShark and login to your website

Logging In

Here you can see the username, but the password is hidden. Let's check in WireShark.

4. Go to WireShark and apply this filter : http.cookie

WireShark Logs

Any attacker who is on the same network can steal this sensitive information.

So this was simple and known to many people, but what if every GET request is secured? The website you visit is using HTTPS, so now what? Have you ever checked the POST request? Let's check it.

On the same website I saw the page was served from https://www.website.com, but when I intercepted the request using Burp Suite I saw that the POST request for saving the data was using the HTTP protocol. I intercepted it again using WireShark, and everything was visible.

Exploiting POST Method :

1. Your website is using HTTPS for every GET request

HTTPS GET request

This page was using HTTPS when you visited it. This is private information which is visible to the user themselves but not to an attacker, as the GET request is secured by HTTPS.

2. Fill in the form and intercept the request using Burp Suite to check whether the POST request that saves or transfers the data is using HTTPS or HTTP

Burp Suite HTTP POST request

3. Now check the WireShark logs for the same request using the same filter : http.cookie

WireShark Logs

Mitigation : Applications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server, including every form submission, not only the page that renders the form. Communications that should be protected include the login mechanism and related functionality and any functions where sensitive data can be accessed or privileged actions can be performed.
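The mixed-scheme problem above (an HTTPS page whose form posts to a plain-HTTP action) can be checked in your own site's HTML before any traffic is sent. The following is an added example, not code from the original post; it parses a page with Python's standard-library HTML parser and reports forms whose resolved action would submit over HTTP. The page URL and the HTML are constructed samples.

```python
"""Flag <form> elements on an HTTPS page whose action submits over plain HTTP."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormActionAuditor(HTMLParser):
    """Collects every <form> and resolves its action against the page URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []  # list of (METHOD, absolute action URL)

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "form":
            return
        a = dict(attrs)  # bare attributes map to None, hence the "or" below
        method = (a.get("method") or "GET").upper()
        # A missing or empty action submits back to the page itself;
        # relative and scheme-relative actions inherit the page's scheme.
        action = urljoin(self.page_url, a.get("action") or "")
        self.forms.append((method, action))


def insecure_form_actions(page_url, html):
    """Return (method, action) for every form on page_url that would submit over http://."""
    auditor = FormActionAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return [(m, act) for (m, act) in auditor.forms if urlsplit(act).scheme == "http"]


# Constructed sample: an HTTPS page with three forms. Only the second one is
# the pattern from the article (HTTPS page, HTTP POST action).
SAMPLE_URL = "https://www.website.com/profile"
SAMPLE_HTML = """
<html><body>
  <form action="/search"><input name="q"></form>
  <form method="post" action="http://www.website.com/save">
    <input name="password" type="password">
  </form>
  <form method="POST" action="//www.website.com/save2"><input name="x"></form>
</body></html>
"""

if __name__ == "__main__":
    for method, action in insecure_form_actions(SAMPLE_URL, SAMPLE_HTML):
        print(f"insecure form: {method} {action}")
```

Run it against the saved HTML of each page that carries a login, payment or message form; an empty result means every form action inherits or specifies HTTPS.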

NOTE : You can perform this attack on POST requests such as changing a password, sending messages, publishing a private post, transferring payments, etc.

Thank You :)

Instagram : jerry._.3

Happy Hacking ;)
