2102 Web Security: Sniffing Passwords
problem:
unencrypted HTTP traffic
attack:
Wireshark
set filter
ip.dst == 192.168.200.203 && http.request.uri matches "login"
get username and password from query parameters
see 2102.png
mitigation:
only allow access to the whole page via HTTPS
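One way to enforce this mitigation, as an added example that is not part of the original notes: a WSGI middleware that redirects plain-HTTP requests to HTTPS, sets HSTS on HTTPS responses, and refuses plain-HTTP requests that carry login parameters. The parameter names `username` and `password`, the host `www.example.test` and the helper names are assumptions, and it assumes `wsgi.url_scheme` reflects the client's connection.

```python
from urllib.parse import parse_qs, quote

HSTS = "max-age=31536000; includeSubDomains"
SENSITIVE = {"username", "password"}  # assumed names of the login parameters


class HttpsOnly:
    """WSGI middleware that serves the wrapped app over HTTPS only."""
    def __init__(self, app, host):
        self.app = app
        self.host = host  # fixed canonical host; never taken from the Host header

    def __call__(self, environ, start_response):
        if environ.get("wsgi.url_scheme") == "https":
            def with_hsts(status, headers, exc_info=None):  # browsers skip HTTP next time
                headers = list(headers) + [("Strict-Transport-Security", HSTS)]
                return start_response(status, headers, exc_info)
            return self.app(environ, with_hsts)

        # Plain HTTP: whatever was in this request already crossed the wire in clear.
        query = environ.get("QUERY_STRING", "")
        if SENSITIVE & parse_qs(query, keep_blank_values=True).keys():
            # Do not copy leaked credentials into a Location header; refuse instead.
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"Log in over HTTPS only.\n"]
        path = quote(environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", ""))
        location = f"https://{self.host}{path}" + (f"?{query}" if query else "")
        start_response("301 Moved Permanently", [("Location", location)])
        return [b""]


def demo_app(environ, start_response):
    """Constructed stand-in for the real site."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def request(app, scheme, path, query=""):
    """Drive a WSGI app with a constructed request; return (status, headers)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET",
               "PATH_INFO": path, "QUERY_STRING": query}
    b"".join(app(environ, start_response))
    return seen["status"], seen["headers"]


site = HttpsOnly(demo_app, host="www.example.test")  # constructed host
```

A redirect only protects later requests: the first plain-HTTP request is still visible to a sniffer, which is why the login link or form itself must point at HTTPS and HSTS is set.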