1
00:00:00,610 --> 00:00:08,230
And then another thing in a policy is to identify how passwords are transmitted.

2
00:00:09,490 --> 00:00:14,950
‫So even by having a strong password, if it's not carried securely, it can be exposed.

3
00:00:16,020 --> 00:00:21,150
‫So while transmitting a password, the application should use encryption.

4
00:00:22,270 --> 00:00:25,120
And this is, of course, HTTPS.

5
00:00:26,600 --> 00:00:31,560
‫But not only passwords, but any other sensitive data such as payment information.

6
00:00:32,150 --> 00:00:37,130
‫So this brings us to yet another problem that we're going to cover in session management.

7
00:00:37,430 --> 00:00:43,670
‫HTTPS shouldn't only be used on login pages, but the entire application.

8
00:00:45,500 --> 00:00:51,440
So go to Kali and open up your terminal and we're going to capture network traffic to watch for credentials

9
00:00:51,440 --> 00:00:52,460
‫that are transmitted.

10
00:00:53,800 --> 00:00:59,440
‫So open up Wireshark by typing and then open up your browser.

11
00:01:00,590 --> 00:01:06,180
I'm going to just dock it over here to the right side and go to the bWAPP login page.

12
00:01:07,330 --> 00:01:12,040
Now, before you log on to bWAPP, start capturing the traffic on your network interface.

13
00:01:12,880 --> 00:01:18,940
So in my case, it is eth1, so I'll choose it and start to capture by clicking this icon on the

14
00:01:18,940 --> 00:01:19,450
‫toolbar.

15
00:01:21,030 --> 00:01:26,190
And then go to the login page, enter username and password, and click the login button.

16
00:01:27,890 --> 00:01:31,020
‫OK, so we logged in, so now let's go to Wireshark.

17
00:01:31,890 --> 00:01:39,470
Now, here's the place where you apply display filters on the captured traffic, so simply type http to

18
00:01:39,470 --> 00:01:41,120
view HTTP traffic.

19
00:01:41,750 --> 00:01:45,470
‫As you can see, the first line is the login request that we sent.

20
00:01:46,510 --> 00:01:51,610
Click it to choose, and below, you can display details about this line.

21
00:01:52,540 --> 00:01:55,390
So under this node, there is HTTP-related data.

22
00:01:57,120 --> 00:02:02,040
‫And under this node, you will see the form data has been entered.

23
00:02:03,390 --> 00:02:10,430
‫And you can see it is in clear text, so anyone on the same network can sniff this data.

24
00:02:11,940 --> 00:02:15,960
You can also right-click on this line and follow the TCP stream.

25
00:02:16,980 --> 00:02:21,140
And then view the HTTP traffic data as we see it in Burp.

26
00:02:22,110 --> 00:02:24,630
‫OK, so now I'm going to close this window and stop capturing.

27
00:02:25,850 --> 00:02:34,370
‫Let's return to the browser again, this time go to an HTTPS Web application and I'll just open the

28
00:02:34,370 --> 00:02:35,360
‫Twitter login page.

29
00:02:37,090 --> 00:02:41,110
‫And I'll get me a fresh capture.

30
00:02:43,110 --> 00:02:47,070
‫OK, so enter in some login information here and log in.

31
00:02:48,830 --> 00:02:52,130
And you see Wireshark again is capturing the traffic.

32
00:02:53,790 --> 00:02:58,860
But this is not raw HTTP, it is encrypted traffic.

33
00:02:59,870 --> 00:03:03,320
So I'm going to filter SSL-only traffic.

34
00:03:05,130 --> 00:03:08,670
And you can see the protocol, it is TLS version 1.2.

35
00:03:09,590 --> 00:03:11,660
‫So this means the data is encrypted.

36
00:03:13,060 --> 00:03:19,120
Choose a new line and, from the pane below, open the Secure Sockets Layer node.

37
00:03:19,990 --> 00:03:27,940
And here is the encrypted application data sent over the network, so if you follow the TCP stream, you

38
00:03:27,940 --> 00:03:28,690
‫won't see anything.

39
00:03:29,510 --> 00:03:35,020
So obviously the point here is, as a pen tester, we need to check if the application data is sent over

40
00:03:35,020 --> 00:03:36,580
‫a secure channel or not.

41
00:03:37,180 --> 00:03:37,690
‫All right.

42
00:03:37,930 --> 00:03:43,060
‫So now we need to report and we can benefit from this finding as well.

