This does make it harder to retrieve a victims login credentials but not impossible. It seems like there is javascript present which scrambles the user input before completing the request. User-Agent: Mozilla/5.0 (Windows NT 10.0 Win64 圆4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/.117 Safari/537.36Īccept: text/html,application/xhtml+xml,application/xml q=0.9,image/webp,image/apng,*/* q=0.8,application/signed-exchange v=b3 q=0.9Īccept-Language: nl-NL,nl q=0.9,en-US q=0.8,en q=0.7Ĭookie: language=ENU userName=testusername remenber= pwd=ĭespite the fact that the client uses HTTP, we're still not able to catch the complete login credentials. When following the TCP stream we can see our request quite clearly. The keyword 'username' gets found in a packet with the Push flag (PSH, ACK).
By using the 'find packet' option, we can look for certain keywords in the packet bytes. Now, when we submit a login request, we will be able to see the entire http request. By setting a display filter we can solely focus on the network traffic between us and the IPCam client. Lets utilize wireshark and see if we can capture some interesting data. When navigating to the device on port 88 we are greeted by the IPCam login form. OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3
