M25: Plaintext Login (15 pts)

What You Need for This Project

An Android Emulator with Google Play

Purpose

To observe network transmissions from an insecure app, and prove that they are not encrypted properly.

Background

This problem is gaining recognition, so few apps still have this flaw. Clear Messenger, which was used used in an earlier version of this project, but that app has been removed from Google Play, as of Feb 10., 2019.

So please use one of these apps instead. They all used plaintext network transmission on Feb 10, 2019, but eventually they may be fixed or removed.

Installing a Vulnerable App

On your Android device, in Google Play, find and install the app shown below.

Equity Pandit

Starting Wireshark

On your host system, launch Wireshark. If you don't have it, get it at:

https://www.wireshark.org/

In the main Wireshark window, double-click the network interface that is being used to reach the Internet. On my system, it is "Wi-Fi: en0", outlined in green in the image below.

Wirehark starts displaying packets. At the top, in the Filter bar, enter this display filter:

http

Press Enter to filter the traffic.

On your Android device, in the vulnerable app, use the "Create Account" page to make an account.

Wireshark shows a captured POST request, as shown below.

Troubleshooting
If you don't see any packets, try these fixes:

Click the red square button to stop the capture
From the menu, click Capture, Options
Choose a different network adapter
If the "Link-layer header" is set to "802.11...", scroll to the right and uncheck the monitor box

In the top pane of Wireshark, right-click the POST request, and click Follow, "TCP Stream", as shown above.

The request appears, containing your credentials, as shown below.

Find the text covered by a green box in the image above. Enter it into the form below to record your success.

M25: Recording Your Success (15 pts)

Use the form below to record your success.

Name:

Text:

Converted to a CTF 2-28-19