Did you know that everyone using your network (wireless and/or wired) can get the password of you e-mail account? Even if you have protected your network with a wep code your password lies on the street. In this tutorial I’m not going to descibe how to crack wep (sorry folks, maybe next week), but I’m going to describe how to “steal” your own password using a computer in your network.
1. The first step is downloading Wireshark, the succesor of Ethereal from http://wireshark.org/download.html
2. Install Wireshark, also install WinPcap (the installer will ask you i you want to install this, choose yes).
3. Start Wireshark. In the menu at the top select Capture > Options.
4. The Capture Options menu will pop up. In the interface field, choose the network interface you want to use.
5. Choose ‘Capture packets in promiscuous mode’ if you want to capture packets (eg. find a password) generated by another computer on the network than yours.
6. Clear everything in the ‘Capture Filter’ field. We don’t need to use filters at the moment.
7. Don’t touch the rest of the settings. If you want to know the function of a setting, keep your mouse on it for a little while.
8. Click start to start capturing. On the computer where you want to ’steal’ the pass from (to make thing easier the first time, just use the computer that’s running Wireshark, the computer you are working on atm), launch a mail application (Outlook, Thunderbird etc.) and retreive your new mail.
9. Go back to Wireshark and stop the capturing by clicking stop. The captured files will appear. Click ‘protocol’ to sort the packets on their protocol.
10. Search for the protocol ‘pop’ to find your e-mail password. Look below for an example of the packets:
11. That’s all! You now have your e-mail account’s username and password! Now trow away your wireless network or everyone can get your password while walking on your street!