-1

How can I capture another IP's HTTP(S) requests in a local network with Wireshark network analyzer? Is it possible?

5
  • 1
    ettercap.github.io/ettercap
    – paj28
    Commented Jun 11, 2016 at 12:50
  • 1
    And I assume you already completed reading the project's wiki, right? Did you encounter any hurdles?
    – techraf
    Commented Jun 11, 2016 at 12:51
  • No, I didn't read the documentation, I watched a video tutorial; that's why I just installed it and tried to capture HTTP requests. It worked, it captured only mine
    – Maxam
    Commented Jun 11, 2016 at 12:56
  • 3
    Great! So now click on edit and describe what you did to capture the packets and how it failed. Don't forget to include some vital information about the configuration of your network.
    – techraf
    Commented Jun 11, 2016 at 13:10
  • 1
    Let me guess, you've got a switch on your network. In which case you're stuffed unless it's a managed switch and you can turn on port-mirroring.
    Commented Jun 11, 2016 at 13:37

2 Answers

2

By default you aren't able to do so. In every network that is by any sense modern, switches are used. Switches don't deliver all packets to everyone on the network like hubs did. Anyway, you can redirect another person's traffic by performing a MitM attack.

The most common MitM attack is ARP spoofing, and in my experience this will work in most networks out there. This attack is based on a well-known flaw in the ARP protocol which allows you to cheat someone into believing that your MAC is assigned to the router's IP. This will lead to a situation where you receive all the traffic that is sent from that host to the router. You can migrate this attack with various tools. I prefer the classical arpspoof but you can also use "one shop stop" solutions like bettercap.

If it's only about HTTP and HTTPS and your target is using a Windows machine, you can try to exploit a weakness in the WPAD protocol. This can be migrated with Responder.
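
On the defensive side, the false MAC-to-IP binding that the answer above describes is visible in the ARP traffic itself. The following is an added example, not part of the original answer: it parses raw Ethernet ARP frames and flags an IP address whose claimed MAC changes. The frames and addresses are constructed sample data and the function names are illustrative.

```python
import struct

ARP_ETHERTYPE = 0x0806

def parse_arp(frame: bytes):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12], frame[22:28], frame[28:32]

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def detect_spoofing(frames):
    """Return (frame_no, ip, reason) alerts for suspicious ARP announcements."""
    bindings = {}  # IP -> first MAC seen claiming it (trust on first use)
    alerts = []
    for n, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == b"\x00" * 4:  # skip non-ARP and ARP probes
            continue
        eth_src, sha, spa = parsed
        ip, mac = ".".join(map(str, spa)), fmt_mac(sha)
        if eth_src != sha:
            alerts.append((n, ip, "ethernet source differs from ARP sender MAC"))
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append((n, ip, f"binding changed {known} -> {mac}"))
    return alerts

def build_arp(eth_src, oper, sha, spa, tha, tpa, eth_dst=b"\xff" * 6):
    """Build a 42-byte Ethernet ARP frame (used only to construct sample input)."""
    header = struct.pack("!HHHBBH", ARP_ETHERTYPE, 1, 0x0800, 6, 4, oper)
    return eth_dst + eth_src + header + sha + spa + tha + tpa

# Constructed sample capture: locally administered MACs, private addresses.
GW_MAC, HOST_MAC, OTHER_MAC = (bytes.fromhex("0200000000" + s) for s in ("01", "50", "66"))
GW_IP, HOST_IP = bytes([192, 168, 1, 1]), bytes([192, 168, 1, 50])
SAMPLE_FRAMES = [
    build_arp(HOST_MAC, 1, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP),        # who-has gateway
    build_arp(GW_MAC, 2, GW_MAC, GW_IP, HOST_MAC, HOST_IP, HOST_MAC),     # genuine reply
    build_arp(OTHER_MAC, 2, OTHER_MAC, GW_IP, HOST_MAC, HOST_IP, HOST_MAC),  # conflicting claim
]

if __name__ == "__main__":
    for alert in detect_spoofing(SAMPLE_FRAMES):
        print(alert)
```

The detector trusts the first binding it sees, so it should be started from a known-good state or seeded with the gateway's real MAC.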

1

It might be possible, depending on your network (and, for Wi-Fi, on the operating system your machine is running).

If it's an Ethernet network, see the Wireshark Wiki page about capturing on an Ethernet.

If it's a Wi-Fi network, see the Wireshark Wiki page about capturing on a Wi-Fi network AND the Wireshark Wiki page about decrypting traffic from a "protected" Wi-Fi network.
