Web security is an ongoing concern, and many websites have moved from plain HTTP to the more robust HTTPS protocol. Within internal networks, however, some companies still rely on HTTP, creating exposures that external firewalls and intrusion detection and prevention systems (IDS/IPS) do not address.
Consider a scenario where an attacker gains physical access to a company’s premises and finds an unsecured port without switchport security (a switch feature that blocks unauthorized devices from joining the local area network, or LAN). Once connected, the attacker can use a tool such as Wireshark to capture network traffic and later examine it for sensitive information such as usernames and passwords.
To illustrate the risks of HTTP communication, I ran a demonstration on my own network. On a PC that serves as a file/media server, I installed, in a Docker container, an application that uses the insecure HTTP protocol for user logins. The walkthrough below covers capturing and analyzing the network traffic and shows how sensitive data is exposed when it is transmitted in plaintext.
Figure 1
Launching Wireshark is the first step. On startup, the interface looks like the image above. Because I was connected over Wi-Fi, I selected the interface for my wireless card, which the OS identifies as “wlan0” in this instance. Clicking the blue shark-fin icon in the toolbar below the File menu starts the capture.
Figure 2
As shown in Figure 2 above, I logged in to the web page with the username “te st” and the password “test”, then stopped the Wireshark capture to analyze it.
The screenshot below shows what was obtained. I have highlighted the relevant packet in Wireshark: an HTTP request from my device to the server, sent by the web browser. The source and destination IP addresses are plainly visible, and most strikingly the packet body contains the username and password in clear text, with no encryption of any kind.
When employees recycle passwords, using the same password for their company accounts and for an HTTP site hosted on the company LAN, this exposure becomes serious. An attacker in the position described above could capture those credentials, including those of privileged accounts such as an administrator or someone with access to critical financial information. Both cases pose significant risk and underscore why HTTP should be avoided in favor of HTTPS.
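As an added example (not part of the original post), here is a small Python detector a defender could run over HTTP requests extracted from a capture like the one above: it parses the raw request, flags form fields and Authorization headers that carry credentials, and records only the field names and the target host, never the secret values, so the output can be used to inventory LAN services that still accept logins over HTTP. The request bytes, hostname and IP addresses are constructed for the demo.

```python
import urllib.parse
from dataclasses import dataclass
from typing import Optional, Tuple

# Form-field names commonly used by login forms (assumed list; extend as needed).
CREDENTIAL_FIELDS = {"username", "user", "login", "email", "password", "passwd", "pwd", "pass"}

@dataclass(frozen=True)
class Finding:
    src: str                    # client that sent the credential
    dst: str                    # server that received it
    host: str                   # Host header, i.e. the service that should move to HTTPS
    method: str
    path: str                   # path only; the query string is dropped so values are not logged
    fields: Tuple[str, ...]     # credential field names seen (values deliberately not kept)
    auth_scheme: Optional[str]  # e.g. "Basic" when an Authorization header is present

def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def credential_fields(encoded: str) -> Tuple[str, ...]:
    """Return the names (never the values) of credential-looking fields in a urlencoded string."""
    return tuple(n for n, _ in urllib.parse.parse_qsl(encoded, keep_blank_values=True)
                 if n.lower() in CREDENTIAL_FIELDS)

def find_plaintext_credentials(src: str, dst: str, raw: bytes) -> Optional[Finding]:
    """Flag a cleartext HTTP request that carries credentials; return None if it carries none."""
    method, target, headers, body = parse_http_request(raw)
    url = urllib.parse.urlsplit(target)
    fields = credential_fields(url.query)  # credentials in a GET query string count too
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields += credential_fields(body.decode("latin-1"))
    auth = headers.get("authorization")
    scheme = auth.split(" ", 1)[0] if auth else None  # Basic auth is only base64, not encryption
    if not fields and scheme is None:
        return None
    return Finding(src, dst, headers.get("host", dst), method, url.path, fields, scheme)

# Constructed sample request, modelled on the login POST captured in the walkthrough.
SAMPLE_LOGIN = (b"POST /login HTTP/1.1\r\nHost: media.lan\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\n"
                b"username=test&password=test")

if __name__ == "__main__":
    print(find_plaintext_credentials("192.168.1.10", "192.168.1.20", SAMPLE_LOGIN))
```

In practice the raw request bytes would come from Wireshark's "Follow TCP Stream" export or from tshark, fed one request at a time.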