How can I sniff traffic sent by POST method (on another computer)?

Posted on

Problem :

Suppose there is a site which has a form and it send data through POST method over http (NOT HTTPS)?

I can access this website directly and also the victim’s computer directly.
How can i sniff what data was sent while posting form on that site by the victim’s ip?

OS to be used: ubuntu 9.04

Solution :

Wireshark should help you. It is cross platform and allows you to sniff any packet that goes through the wire

The Firebug Extension for Firefox has a very convenient network traffic sniffer built in as well, it will show you all the info about your POST the response as well as what JavaScript functions were running and how long they took to run, all useful stuff when trying to figure out exactly what a website is doing behind the scenes. More information here.

Capture the traffic and follow the TCP stream in Wireshark.

If the victim computer has WireShark installed, then probably you should run “tshark” in a script, save packets in a file and copy/mail the file to wherever you want. You can then open the file using wireshark and follow tcp stream of whichever connection interests you (HTTP POST ?). This is assuming you have control over the victim computer, WireShark is installed, and you want to capture packets without letting the victim know.

If WireShark is not installed then you can try arp-poisoning (for default gateway) the victim machine and divert all its traffic to you machine (assuming it is connected in the same broadcast domain). Your machine will need to “ip forward” all the traffic coming from victim machine to default gateway.

Leave a Reply

Your email address will not be published. Required fields are marked *