Well everyone of us at least once come across the statement:
“Make sure abc website uses HTTPS before entering your private information.”
If yes then have you ever tried to find the reason behind this statement. Let’s find out the reason.
Before proceeding further two points must be clear-
- HTTP :
HyperText Transfer Protocol (HTTP) is the core communication protocol used to access the World Wide Web.
It uses a message-based model in which a client sends a request message and server returns a response message.
- HTTPS :
HyperText Transfer Protocol Secure (HTTPS) clearly it names indicate that this is an secure advancement of HTTP. It is basically the same application-layer protocol as HTTP but it is tunneled over secure transport mechanism.
The point to understand is that HTTP transfer data as plain text whereas HTTPS adds a encryption layer to data.
Now we have understand that HTTP does not encrypt our data while communication which means a attacker which is suitably positioned on the network can eavesdrop or look our data.
Let’s dive deeper!
To start our exploration we are using Linux machine and wireshark as packet analyzer tool (they are used for network analysis).
Firstly we have to setup wireshark to monitor all ongoing HTTP traffic for that we will enter the
following filter in wireshark to only get HTTP requests:
http && ip.addr == "ip address"
Now, we are able to monitor all ongoing traffic as shown in image:
You might be thinking that an attacker is only able to see your browsing but he can also get your credentials if victim try to login let’s see now visit a page and enter the credentials let say username =’test’ and password=’test’ then press login.When we switch back to wireshark and find that corresponding request we are able to see our entered username and password.
But, if we try to analyze packets for HTTPS request it doesn’t disclose any credentials due to encryption.
Always ensure that you are dealing with HTTPS especially when dealing with credentials or doing any type of transactions.
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.
- Difference between Secure Socket Layer (SSL) and Secure Electronic Transaction (SET)
- Juice Jacking - Public USB charging ports are not secure
- Secure Electronic Transaction (SET) Protocol
- Difference between File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP)
- Difference between Secure Socket Layer (SSL) and Transport Layer Security (TLS)
- Secure Socket Layer (SSL)
- Introduction to SSH(Secure Shell) Keys
- Create your own secure Home Network using Pi-hole and Docker
- Trust Based Energy-Efficient and Secure Routing Protocols for IoT
- Social Engineering -Time To Be More Secure Than Before
- Why does DNS use UDP and not TCP?
- Difference between HTML and HTTP
- Difference between http:// and https://
- HTTP Non-Persistent & Persistent Connection | Set 1
- HTTP Non-Persistent & Persistent Connection | Set 2 (Practice Question)
- What are the differences between HTTP, FTP, and SMTP?
- HTTP Cookies
- Session Management in HTTP
- Difference between HTTP and IPFS
- Difference between AMQP and HTTP protocols