ifconfig
Find your server's IP address and make a note of it.
Enter this URL, replacing the IP address with the correct address of your Linux server. Then press Enter:
https://192.168.119.190
A warning page appears, saying "This Connection is Untrusted". That's happening because your SSL certificate is self-signed, rather than purchased from a real Certificate Authority like Verisign.
Click "I Understand the Risks".
Click the "Add Exception" button.
Click the "Confirm Security Exception" button.
Your secure web page opens, as shown below:
nano /var/www/login.htm
In the nano window, enter this
HTML text,
as shown below:
<html>
<body>
<form method="post" action="login.php">
Password: <input type="text" name="pw">
<p>
<input type="submit" value="submit" name="submit">
</form>
</body>
</html>
Press Ctrl+X, Y, Enter
to save the file.
nano /var/www/login.php
In the nano window, enter this
PHP text,
as shown below:
<?php
$p = $_POST['pw'];
if ($p == 'P@ssw0rd') {
echo "<h2>Password correct!</h2>"; }
else {
echo "<h2>Password incorrect!</h2>"; }
?>
Press Ctrl+X, Y, Enter
to save the file.
http://192.168.119.190/login.htm
An HTTP login page opens, as shown below:
Enter a password of P@ssw0rd and click submit.
You should see a message saying "Password correct!".
cp /var/www/login.* /var/www-ssl
This makes an identical login form
on the HTTPS portion of the server.
https://192.168.119.190/login.htm
An HTTPS login page opens, as shown below:
Enter a password of P@ssw0rd and click submit.
You should see a message saying "Password correct!", as shown below.
Press PrntScrn to capture the whole desktop.
YOU MUST SUBMIT AN IMAGE OF YOUR WHOLE DESKTOP TO GET FULL CREDIT
Save a screen capture with a filename of "Proj 17a from YOUR NAME".
From the Wireshark menu bar, click Capture, Interfaces.
In the "Wireshark: Capture Interfaces" box, click the box next to "Local Area Connection", as shown below:
Click the Start button.
http://192.168.119.190/login.htm
An HTTP login page opens, as shown below:
Enter a password of P@ssw0rd and click submit.
You should see a message saying "Password correct!".
In the "Wireshark: Find Packet" window, do these four things, as shown below:
Wireshark should move to a packet labelled "POST /login.php HTTP/1.1" in the Info column, as shown below.
In the center pane, expand the "Line-based text data" section to reveal the password, as shown at the bottom of the screen below:
Press PrntScrn to capture the whole desktop.
YOU MUST SUBMIT AN IMAGE OF YOUR WHOLE DESKTOP TO GET FULL CREDIT
Save a screen capture with a filename of "Proj 17b from YOUR NAME".
From the Wireshark menu bar, click Capture, Start.
In the box that pops up, click the "Continue without Saving" button.
https://192.168.119.190/login.htm
An HTTPS login page opens, as shown below:
Enter a password of P@ssw0rd and click submit.
You should see a message saying "Password correct!".
In the "Wireshark: Find Packet" window, verify that the settings remain unchanged, as shown below:
Look at the lower left of the Wireshark window. A message appears briefly, saying "No packet contained that string", as shown below:
This is a much safer way to send data, because it's encrypted.
Email the image to cnit.120@gmail.com with a subject of "Project 17 from YOUR NAME".
Last modified: 7-27-13 8 pm