Suppose there is a site which has a form, and it sends data through the POST method over HTTP (NOT HTTPS).
I can access this website directly and also the victim’s computer directly.
How can I sniff what data was sent while posting the form on that site by the victim’s IP?
OS to be used: Ubuntu 9.04
Wireshark should help you. It is cross-platform and allows you to sniff any packet that goes through the wire.
Capture the traffic and follow the TCP stream in Wireshark.
If the victim computer has Wireshark installed, then you should probably run “tshark” in a script, save the packets in a file and copy/mail the file to wherever you want. You can then open the file using Wireshark and follow the TCP stream of whichever connection interests you (HTTP POST?). This is assuming you have control over the victim computer, Wireshark is installed, and you want to capture packets without letting the victim know.
If Wireshark is not installed, then you can try ARP poisoning (for the default gateway) on the victim machine and divert all its traffic to your machine (assuming it is connected in the same broadcast domain). Your machine will need to “ip forward” all the traffic coming from the victim machine to the default gateway.
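Seen from the machine being targeted, the ARP poisoning mentioned in the last reply shows up as the default gateway's IP suddenly resolving to another host's MAC address. The following is an added example, not part of the original thread: it compares two `ip neigh show` snapshots and flags that condition. The addresses, sample tables and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed snapshots in `ip neigh show` format (not from the thread).
BASELINE = """\
192.168.1.1 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.1.20 dev eth0 lladdr 08:00:27:aa:bb:cc STALE
192.168.1.30 dev eth0 lladdr 08:00:27:11:22:33 REACHABLE
"""
OBSERVED = """\
192.168.1.1 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.20 dev eth0 lladdr 08:00:27:aa:bb:cc REACHABLE
192.168.1.30 dev eth0 lladdr 08:00:27:11:22:33 STALE
192.168.1.40 dev eth0  FAILED
"""

# Entries without an lladdr field (FAILED/INCOMPLETE) do not match and are skipped.
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-fA-F:]{17})\s+(\S+)")

def parse_neigh(text):
    """Return {ip: mac} for every resolved neighbour entry."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def find_arp_anomalies(baseline, observed, gateway_ip):
    """Compare two neighbour tables and return a list of alert tuples."""
    old, new = parse_neigh(baseline), parse_neigh(observed)
    alerts = []
    # 1. An IP whose MAC differs from the trusted baseline.
    for ip, mac in sorted(new.items()):
        if ip in old and old[ip] != mac:
            sev = "critical" if ip == gateway_ip else "warning"
            alerts.append((sev, "mac-changed", ip, old[ip], mac))
    # 2. One MAC answering for several IPs. This can be legitimate
    #    (proxy ARP, multi-homed hosts), so it only escalates for the gateway.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            sev = "critical" if gateway_ip in ips else "warning"
            alerts.append((sev, "mac-shared", tuple(sorted(ips)), mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(BASELINE, OBSERVED, "192.168.1.1"):
        print(alert)
```

The baseline has to be taken while the network is known to be clean. Detection of this kind does not protect the form data itself, which remains readable to anyone on the path for as long as it is posted over plain HTTP.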