Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Why I can not find my clear text login credentials in Wireshark traffic

I am examining network traffic to demonstrate how a password sent in clear HTTP (not HTTPS) can be retrieved from traffic.

However, I encountered a case for a website that I could not understand. The website does not use HTTPS. The login page appears as a pop-up window. There is no certificate and the browser shows the insecure sign in the URL bar and when I click on the user name and password fields. But when I login while running the Wireshark, I can not see the password or the username in clear. I tried to search for them in Wireshark using: Edit -> Find Packet. Then in the menu options I select Packet Bytes, Narrow and Wide, String. If I search for my user name, or my password, I do not find them. I used the same method in other weak websites and I could identify the credentials in cleartext.

There might be something I am missing. If anyone can explain to me why this is happening (I can not find the password in the traffic but the website is not using HTTPS), please help me understand the reason. I am sorry that I can not post the website name. But I described the issue clearly, I think.