Re: How to extract cookies from captured packets

[Sake Blok <sake () euronet nl>]

On 23 sep 2012, at 18:28, esolve esolve wrote:

>      When I'm browsing a web page, there should be some cookies exchange between my machine and the remote web 
> server. I capture the packets when browsing web pages, is it possible for me to extract cookies from the captured 
> packets? besides, are cookies encrypted when they are in transmission?

If the website was not using https, then you are able to see the cookies. Just expand the HTTP tree in the packet 
details pane of Wireshark. Whether the cookie-values are encrypted depends on the implementation of the web-application.

When the website did use https, you can decrypt the traffic, but only if you have posession of the private key of the 
server. Which you do not have when just browsing a (public) webpage unless you are the site administrator.

Cheers,
Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe