Today, I searched the Wireshark output of the ARP hack. It does not appear to have captured the password (although it did contain the username and session cookie). I am not sure why the password was not visible, as the connection was unencrypted; I'll need to try this hack again with more information. With the session cookie, however, a malicious user could log in as the target and perform any actions that did not require password input.
grayson_o
Comments