Demo: In the video above we passively sniff the data when we use the smartphone to: a) browse and log in onto a website that doesnt employ SSL
and b) log in onto Blackboard app.
Using the frame contains
built in filter in Wireshark, we observe that in the first case we can capture credentials
in plaintext. On the other hand Blackboard employs SSL
and therefore the data is encrypted. Finally we capture and inspect the Client Hello
message which contains the list of supported cipher suites for the app in use.