M 102: Ask A Lawyer Plaintext Login (15 pts) M 102:问律师明文登录(15分)

What You Need for This Project你需要什么这个项目


To observe network transmissions from the Ask A Lawyer app, and prove that they are not encrypted.观察Ask A Lawyer应用程序的网络传输,并证明它们未加密。

Installing "Ask A Lawyer"安装“问律师”

On your Android device, in Google Play, search for Lawyer .在您的Android设备上,在Google Play中搜索律师

Click on the " Ask a Lawyer app, as outlined in green in the image below. When I did it, it was the top hit.点击“ 咨询律师应用程序,如下图所示为绿色。当我这样做时,它是最受欢迎的。

If you scroll down on the app's main page, you will see that this is a highly-rated, popular app, with more than 100K downloads, as shown below.如果您向下滚动应用程序的主页面,您将看到这是一款评价很高,很受欢迎的应用程序,下载量超过100K,如下所示。

Archived Copy存档副本

If you can't use Google Play, use this archived copy .如果您无法使用Google Play,请使用此存档副本
At the top of the app page, click Install .在应用页面的顶部,单击“ 安装” Agree to what it asks and install the app.同意它要求并安装应用程序。

Launch the app and click Login , as shown below.启动应用程序并单击“ 登录” ,如下所示。

Type in these values, but don't click the Login button yet:键入这些值,但不要单击“ 登录”按钮:

as shown below.如下所示。

Starting Wireshark启动Wireshark

On your host system, launch Wireshark.在主机系统上,启动Wireshark。 If you don't have it, get it at:如果您没有,请访问:

https://www.wireshark.org/ https://www.wireshark.org/

In the main Wireshark window, double-click the network interface that is being used to reach the Internet.在Wireshark主窗口中,双击用于访问Internet的网络接口。 On my system, it is " Wi-Fi: en0 ", outlined in green in the image below.在我的系统上,它是“ Wi-Fi:en0 ”,在下图中以绿色标出

Wirehark starts displaying packets. Wirehark开始显示数据包。 At the top, in the Filter bar, enter this display filter, replacing YOURNAME with a few letters from your own name, as shown below.在顶部,在过滤器栏中,输入此显示过滤器,将YOURNAME替换为您自己姓名中的几个字母,如下所示。

frame contains YOURNAME框架包含YOURNAME
Press Enter to filter the traffic.Enter键过滤流量。

On your Android device, click Login .在Android设备上,单击“ 登录”

In the middle pane, expand the " HTML Form URL Encoded " section to see the captured name and password, as shown below.在中间窗格中,展开“ HTML表单URL编码 ”部分以查看捕获的名称和密码,如下所示。

M 102: Form Item (15 pts) M 102:表格项目(15分)

Find the text covered by a green box in the image above.找到上图中绿框所覆盖的文字。 That's the flag.那是旗帜。


If you don't see any packets, as shown below,如果您没有看到任何数据包,如下所示,

Try these fixes:尝试以下修复:

  • Click the red square button to stop the capture单击红色方块按钮以停止捕获
  • From the menu, click Capture , Options从菜单中,单击“ 捕获” ,“ 选项”
  • Choose a different network adapter选择其他网络适配器
  • If the "Link-layer header" is set to "802.11...", scroll to the right and uncheck the monitor box如果“链路层标头”设置为“802.11 ...”,请向右滚动并取消选中监视器

Last modified 1-17-19最后修改1-17-19