Secure Versus Insecure

1. Open Kali Linux (or install Wireshark on your PC/Mac) and open a browser to the 'non secure site'.
2. Start Wireshark and start capturing packets.
3. Log in to the site using your student ID number but do not use any password that you normally pick! Pick some random dictionary word.
4. Stop the Wireshark capture and use a filter to show only the web traffic to this page.
5. Look for the POST where the login was attempted and spot your username/password. Submit a screenshot of the packet showing the username/password.
7. Repeat the exercise for the 'secure site'. Look through the packets to see if the username/password is visible and submit a screenshot of one of the packets where you think the password might have been.

If chrome doesn't show the padlock, you are on the http site. If it shows the padlock you are on the secure site.

• Non Secure Site: http://cr1270.umldb.com
• Secure Site: https://cr1270.umldb.com