Inspired by this article below, I'll show you how to hack an http website!

What is HTTPS and how does it work?

June Dang ・ Jul 11 '23

#webdev #codenewbie #security #learning

If you like this article, I would appreciate a comment & like ❤️!
Thanks!

1. What you need

• http website with username/password form (no https!)
• Wireshark
• Internet connection

1.1 Choose http website

Which unencrypted website should I use? Is that unsafe then? Should I look for one online?
NO!
I will soon publish my own http website on Github so you can try it out! You can of course also find them here!

Install Wireshark on your first device

To be able to read the access data yourself, you need a program called "Wireshark".
Have you ever heard of this?
No? / Yes? Feel free to write it in the comments!
We need this. You can easily install this on your device using the link below!

Wireshark · Download

wireshark.org

Using XAMPPon your second device

For Windows you can use the app XAMPP for a local web server:

The Github web server files should then be in this folder: C:\xampp\htdocs.

Run website

Now when you are done with the installation, you need to go to this page on your second device: http://localhost/http-website-main/index.html
It should look like this:

✅ Well done!

• Open Wireshark and choose your main network with a double click:

• Search for http and tip enter This is the filter that only allows http requests
• Tap "Login" in your website
• You should be logged in

• Anywhere, there should be something like this with x-www-form-urlencoded
• Tap on this
• Scroll down and expand the last one (HTML Form URL encoded):

Great, you did it!
Note that this is to help you understand how hackers work. This should not be a suggestion to actively use this for hacking!

Thanks for your attention, schBenedikt