Proj 7x: Clear Messenger Plaintext Login (15 pts)

What You Need for This Project

Purpose

To observe network transmissions from the Clear Messenger app, and prove that they are not encrypted properly.

Installing "Clear Messenger"

On your Android device, in Google Play, search for Clear Messenger.

Click on the "Clear Messenger" app, as shown below.

If you scroll down on the app's main page, you will see that this is a highly-rated, popular app, with more than 100K downloads.

At the top of the app page, click Install. Agree to what it asks and install the app.

Launch the app. Type in these values, but don't click the Login button yet:

Starting Wireshark

On your host system, launch Wireshark. If you don't have it, get it at:

https://www.wireshark.org/

In the main Wireshark window, double-click the network interface that is being used to reach the Internet. On my system, it is "Wi-Fi: en0", outlined in green in the image below.

Wireshark starts displaying packets. At the top, in the Filter bar, enter this display filter:

http
Press Enter to filter the traffic.

On your Android device, click Login.

Wireshark shows a captured POST request to Clear, as shown below.

In the top pane of Wireshark, right-click the POST request, and click Follow, "TCP Stream", as shown above.

The request appears, containing YOUR NAME, as shown below.

Saving a Screen Image

Make sure the captured username and password are visible, as shown above.

Save a full-desktop image. On a Mac, press Shift+Command+3. On a PC, press Shift+PrntScrn and paste into Paint.

YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT!

Save the image with the filename "YOUR NAME Proj 2", replacing "YOUR NAME" with your real name.

SHA-1 Hash

The password is not transmitted in plaintext. It's hashed with one round of SHA-1, which you can verify easily with online tools, as shown below.

This is not significantly more secure than plaintext password transmission.
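
The same check can be done offline with Python's hashlib instead of an online tool. This is an added example, not part of the original project: the form field names, the test password and the two request bodies are constructed stand-ins for what "Follow TCP Stream" shows. It also shows that the hashed field is identical on every login, since nothing such as a salt or nonce changes it.

```python
import hashlib
from urllib.parse import parse_qsl, urlencode


def sha1_hex(password: str) -> str:
    """One round of unsalted SHA-1 over the UTF-8 password, as lowercase hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def find_sha1_fields(post_body: str, known_password: str) -> list[str]:
    """Names of form fields whose value is the plain SHA-1 of known_password."""
    expected = sha1_hex(known_password)
    return [
        name
        for name, value in parse_qsl(post_body, keep_blank_values=True)
        if value.strip().lower() == expected  # some apps send upper-case hex
    ]


def same_value_every_login(post_bodies: list[str], field: str) -> bool:
    """True if `field` carries the identical value in every captured body."""
    values = {dict(parse_qsl(body)).get(field) for body in post_bodies}
    return len(values) == 1 and None not in values


# Constructed sample data. The field names "username" and "password" and the
# test password are assumptions; use the names seen in your own capture.
TEST_PASSWORD = "lab-test-password"
CAPTURE_1 = urlencode({"username": "YOUR NAME", "password": sha1_hex(TEST_PASSWORD)})
CAPTURE_2 = urlencode({"password": sha1_hex(TEST_PASSWORD), "username": "YOUR NAME"})

if __name__ == "__main__":
    print("SHA-1 of test password:", sha1_hex(TEST_PASSWORD))
    print("Fields holding it:", find_sha1_fields(CAPTURE_1, TEST_PASSWORD))
    print("Same on every login:",
          same_value_every_login([CAPTURE_1, CAPTURE_2], "password"))
```

To check a real capture, paste the request body from the TCP stream in place of CAPTURE_1 and pass the password you typed into the app.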

Troubleshooting

If you don't see any packets, as shown below, try these fixes:

  • Click the red square button to stop the capture
  • From the menu, click Capture, Options
  • Choose a different network adapter
  • If the "Link-layer header" is set to "802.11...", scroll to the right and uncheck the monitor box

Turning in your Project

Email the image to cnit.128sam@gmail.com with the subject line: Proj 2 from YOUR NAME
Last modified 1-17-19