There is no password being sent to the router for admin login on a tp-link router

asked 2023-12-09 05:50:43 +0000

HyperSyntax

GET /themes/default/css/base.css?t=b059ce59 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

GET /js/su/language.js?t=b059ce59 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: */*
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

POST /?code=2&asyn=0 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
Content-Length: 8
Accept: text/plain, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Sec-GPC: 1
Accept-Language: en-US,en
Origin: http://192.168.0.1
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

50|1,0,0

GET /locale/en_US/lan.js?_=1702100428336 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

GET /locale/en_US/lan.css?t=b059ce59 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

GET /themes/default/css/total.css?t=b059ce59 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Accept: text/css,*/*;q=0.1
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

GET /modules/main/main.js?t=b059ce59 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

GET /modules/login/localLogin/models.js?t=b059ce59 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
Sec-GPC: 1
Accept-Language: en-US,en
Referer: http://192.168.0.1 ... (more)


Comments

The very first HTTP GET request you posted here is for a CSS (base.css). It appears that this is after the actual login.

André ( 2023-12-09 10:09:39 +0000 )

POST /?code=2&asyn=1 HTTP/1.1
Host: 192.168.0.1
Connection: keep-alive
Content-Length: 0
Accept: text/plain, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Sec-GPC: 1
Accept-Language: en-US,en
Origin: http://192.168.0.1
Referer: http://192.168.0.1/
Accept-Encoding: gzip, deflate

HTTP/1.1 401 Unauthorized
Content-Type: text/html;charset=UTF-8
Content-Length: 319
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-control: no-cache

00007 00004 00004 r!yK0[r{Ne3fve]j3PHV40^oC.5PSbzw 2r.uPpI$<gzlc0i!co)kttz(*,~cije(}h4p|0bu{ab3^vsh3brln,+yyj(7jbhxmloqdc{0>BUS4(H9T!pLco$cz>V7UWR(p!Wtx>hqRX|Qt~grGPEj[+f3,uAN[rsH]3P7{Sa$!p~A7.23XJJH.R6DTPN(rmC4JYcx6y|XJ[1fnHm>tnaD(]IAl>AKsu!V0A3>WU6wM+vCX,Wg9(,C5>xy>tQ7(k]6fwyE)H2hy0e$o4VsX2B3Y>D>|Y 00000 POST /?code=16&asyn ...(more)

HyperSyntax ( 2023-12-09 16:27:02 +0000 )

This time I loaded up the website, then ran Wireshark, then attempted to log in and capture the traffic.

HyperSyntax ( 2023-12-09 16:27:59 +0000 )