This is a little how-to on sniffing usernames & passwords via Cain & Able. Cain & Able is great as it will auto-parse information on the network and give you readable output (depending on what you are looking for). Now, that is not the only thing that Cain & Able will do but it is the easiest function; just turn it on and it does the work, thats it. :) So, I will outline how to capture basic HTTP authentication.
1. Download & install :)
2. Open Cain & Able
3. There is a little icon that looks like a PCI card, click it
3.1 Note; You may need to select 'configure' at the top to select what network card in case you have more than one
4. Click on the 'Sniffer' tab at the top
5. Click on the 'Passwords' tab at the bottom
6. Click 'HTTP'
7. Now go visit a website that uses basic authentication (non-https).
7.1 Note; Cain & Able comes with a pre-defined list of what to look for. Some sites may use an identifier such as 'usrhere'/'pswhere' instead of something normal like 'user'/'pass'. If you want credentials for that specific site, you will need to view source (or such) and tell Cain & Able what to look for. This is the basic how-to though so I will not get into that yet.
8. Usernames & passwords will show up in the large window.
This video is very basic. Credentials were captured using basic authentication in a apache conf file.
Monday, September 15, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment