
why encrypt and then send.(newbie)


ghost's Avatar
0 0

hi.. everyone.

as a general programming practice everyone says to send any secure information only after encrypting (like passwords in HTML using JavaScript)

everyone says to encrypt and then send over the network.

but my question is

How can a third party (sitting somewhere else) get the packets sent to some computer?

kindly tell me a method also.

I want to give it a try… pls…


ghost's Avatar
0 0

If you are on the same network as others (and it's a non-switched or wifi network) then you can read the packets that other people send. Also if one of the people in your LAN has a trojan then potentially the trojan owner can also see the packets of the entire LAN. This is how people read the passwords.

Now… regarding the encryption you stated, I just want to clarify a few things. Protocols like FTP send passwords in plain text. This is of course a really bad idea in terms of security. So probably people then thought… we should start encrypting our passwords. Well…. Look at HTTP authentication, there they just encode the credentials and then send those. This is of course totally trivial to reverse.

This is something I haven't checked, but ages ago I was told the MySQL authentication method used to be: You type password. It encrypts it using md5 (or some other hashing algorithm). That gets sent and the server compares it to its hash. You see the problem there? If that was how it worked then do you see the problem there? People don't need the plaintext password, only the hash, which they can retrieve by sniffing the traffic.

Moving towards much more secure methods you have SSL. Now once we have public key cryptography suddenly we're secure. Without a Man In the Middle attack it's totally infeasible to decipher SSL traffic. SSL has of course been bolted on to HTTP making HTTPS, FTP making SFTP and you can also use it for MySQL and just about everything else.

So…. if you're designing a protocol to be secure, then using SSL is pretty much required.

As I re-read your post I see you specifically mentioned JS encrypting form values before sending them to the server. This is totally pointless. This is like the MySQL example I mentioned above. People will simply sniff the encrypted password and use that to log in as you. Or alternatively they could look at the JS code and reverse the encrypted password. Of course this latter course of action isn't possible if you used JS to hash the password (as opposed to encrypt), but in that case they could just fall back to the former action plan; just using the hashed version.

I hope this clears things up
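
The two weaknesses this post describes, as an added example that is not part of the original post: HTTP Basic credentials are only Base64-encoded, and a hash computed on the client is accepted by the server in place of the password. The account store, user name and password are constructed, and MD5 is used only because the post names it.

```python
import base64
import hashlib
import hmac

# Constructed sample data: a toy account store that, like the scheme described
# in the post, keeps only a hash and expects the client to send that hash.
STORED = {"alice": hashlib.md5(b"correct horse").hexdigest()}


def decode_basic_auth(header_value):
    """Recover (user, password) from an HTTP Basic Authorization header value."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    # Base64 is an encoding with no key, so decoding needs no secret.
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


def client_login_message(user, password):
    """What a client-side script puts on the wire: user plus hash of password."""
    return {"user": user, "pw_hash": hashlib.md5(password.encode()).hexdigest()}


def server_accepts(message):
    """Server compares the received hash with the hash it has stored."""
    expected = STORED.get(message["user"])
    return expected is not None and hmac.compare_digest(expected, message["pw_hash"])


def replay(captured_message):
    """Re-send the captured fields unchanged; the password is never needed."""
    return server_accepts(dict(captured_message))


if __name__ == "__main__":
    header = "Basic " + base64.b64encode(b"alice:correct horse").decode()
    print("decoded Basic header:", decode_basic_auth(header))
    wire = client_login_message("alice", "correct horse")
    print("plaintext password on wire:", "correct horse" in str(wire))
    print("replayed hash accepted:", replay(wire))
```

Hashing on the client hides the plaintext but turns the hash into the credential, which is why the post concludes that the transport itself has to be protected with SSL.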


richohealey's Avatar
Python Ninja
0 0

google packet sniffer


ghost's Avatar
0 0

Just get a packet sniffer and look around until you think you see something that could resemble what you're looking for (since it's still encrypted) then just decrypt it somehow.


ghost's Avatar
0 0

Yes, this is called packet sniffing. It basically captures the data sent from your PC to the router… I believe this is also known as ARP Poisoning. (Address Resolution Protocol).

One of the main purposes of a router is to share a WAN (wide area network, aka internet) IP address, which is assigned by your Internet Service Provider, or ISP.

Now let's say the sniffer is on computer a and the victim is on computer b, connected to the same router.

Each of them is assigned a LAN IP address (local area network), basically assigned by the router to determine where packets will be sent to once data is sent to the IP address. So hypothetically, let's say… the attacker is 192.168.1.101 (computer a) and computer b (victim) is on 192.168.1.102

Now A can set up an ARP request (man in the middle attack) and capture packet data over the network, filtering out any OTHER LAN IPs, making sure he is stealing from only 192.168.1.102 (the victim) and collects the passwords promptly

The attacker can open something called a packet sniffer and capture protocol data such as FTP and HTTP in plain text (otherwise NOT encrypted). Anything not encrypted = a sin to security. A couple appz out there used to packet sniff:

Cain and Abel <- personal favorite… as it locates the password in the packet data for you, but setting up is a tad bit more advanced however. And of course, Ethereal (now Wireshark I believe)

Now practice on your network :]


ghost's Avatar
0 0

Ok, but sniffing and poisoning aren't the same. Sniffing is intercepting packets transmitted over a network, so it's just getting the data, while ARP poisoning, which actually requires sniffing, is useful to make data pass through your PC which is not supposed to do so.


ghost's Avatar
0 0

hmm…

thanks a lot..

Explained clearly. but few doubts..

As I re-read your post I see you specifically mentioned JS encrypting form values before sending them to the server. This is totally pointless. This is like the MySQL example I mentioned above.

People will simply sniff the encrypted password and use that to log in as you.

Or alternatively they could look at the JS code and reverse the encrypted password. Of course this latter course of action isn't possible if you used JS to hash the password (as opposed to encrypt), but in that case they could just fall back to the former action plan; just using the hashed version.

  1. you mean they use directly the encrypted or hashed version of passwords from their computer and get the authentication?

  2. Can we sniff only the packets that are sent/received from the shared router/network? So, it means that any random person can't steal the passwords, only the persons of our network can do..

  3. say if we are running a packet sniffer. will it capture the packets sent/received by all the computers in my network. (I am in a LAN with 4000 computers connected) if so. then I can play and have lot of fun.

  4. I have searched google.. and found lots and lots of packet sniffers. downloaded few and of all I saw Packetyzer (from Network Chemistry) is having lot options. Can you suggest me a good packet sniffer.

Very Excited!!!! thanks a lot guys… :)


ghost's Avatar
0 0
  1. you mean they use directly the encrypted or hashed version of passwords from their computer and get the authentication?
     Yes, that could be done
  2. Can we sniff only the packets that are sent/received from the shared router/network? So, it means that any random person can't steal the passwords, only the persons of our network can do..
     Assuming no malware is installed anyway you can only sniff traffic that goes through your NIC. This means if your LAN uses hubs (I highly doubt it) then you can see all traffic. If it is fully switched then you'll only see your own traffic and broadcast traffic. If it is wifi then you can see all traffic (because your card of course gets all the traffic as it simply flies through the air)
  3. say if we are running a packet sniffer. will it capture the packets sent/received by all the computers in my network. (I am in a LAN with 4000 computers connected) if so. then I can play and have lot of fun.
     See my answer to 2. A LAN that large would have to be fully switched (and properly subnetted) and so I doubt you can see others' traffic.
  4. I have searched google.. and found lots and lots of packet sniffers. downloaded few and of all I saw Packetyzer (from Network Chemistry) is having lot options. Can you suggest me a good packet sniffer.
     Wireshark is the standard one the majority of people use (unless they for some reason are limited to tcpdump).

ghost's Avatar
0 0

oh!!!! :(

disappointed

so, isn't there any way for me to play.


ghost's Avatar
0 0

interesting… I have never really looked into this… I got Wireshark a while back… but stopped or something, I don't remember… very cool tho