1
00:00:00,540 --> 00:00:01,240
OK.

2
00:00:01,290 --> 00:00:07,530
So in this lesson, you learn how to use Wireshark filters when the victim connects to your fake access

3
00:00:07,530 --> 00:00:08,040
point.

4
00:00:09,060 --> 00:00:16,890
So first off, you need to open Wireshark by typing Wireshark in the terminal and here select wireless

5
00:00:16,890 --> 00:00:21,960
interface double and zero and start capturing packets.

6
00:00:22,890 --> 00:00:31,410
OK, now let's switch the victim machine and generate some traffic by going to an HTP website and try

7
00:00:31,410 --> 00:00:38,940
to login using test for the username and let me in for the password and click the login button.

8
00:00:39,930 --> 00:00:47,070
OK, so let's go back to the machine and stop the capturing process by clicking the red button.

9
00:00:48,000 --> 00:00:56,370
And no, the first filter, which I like to use is DNS with the IP address, so I will type DNS and

10
00:00:56,370 --> 00:01:01,170
IP add are equal equal and put the victim IP address.

11
00:01:02,070 --> 00:01:08,400
This filter will show you which websites the victim is visiting and is useful when you want to perform

12
00:01:08,400 --> 00:01:09,510
a phishing with that.

13
00:01:10,680 --> 00:01:17,010
OK, now the next filter is free contains put the word from the website.

14
00:01:17,580 --> 00:01:20,280
And for this example, I will use Bing.

15
00:01:21,300 --> 00:01:26,730
This will show you if users from a fake access point are visiting Bing website.

16
00:01:27,630 --> 00:01:33,270
And lastly, let's see how to locate the post packet, which contains the login credentials.

17
00:01:34,200 --> 00:01:43,440
So I will type H-2B Request Method Equal, Equal and in caps post and click on the HTML form.

18
00:01:44,160 --> 00:01:47,100
And here you can see the username and password.

19
00:01:47,910 --> 00:01:51,600
So thanks for watching and I will see you next time.