The following is a brief instruction for browsers which do not show passwords (like IE I suppose). I personally used this approach to recover a password for my online banking service:
- Install Java Runtime Envioronvent. You can download it here: http://java.sun.com/j2se/downloads.html
- Download a Burp proxy, which is a free proxy software with an ability to capture and display http(s) traffic: http://www.portswigger.net/suite/download.html
- Unpack and run the .bat file there. If you have a firewall on your desktop, allow the java application to access the network in the firewall popup window.
- In Burp, switch the 'intercept on' button on the proxy -> intercept tab.
- In your web browser, set proxy to localhost, port 8080. In Mozilla Firefox, for example, this setting is available somewhere in Tools -> Settings -> Other -> Network -> Settings. Check the radio box "manual proxy settings" and enter hostname 'localhost' and port '8080' for both HTTP and SSL connecctions.
- Goto the login page in you browser and log in. The login form should be captured by Burp proxy.
- In Burp Proxy window you will see the HTTP request list, from which the one marked with 'POST' is most likely the login request itself. Double-click it. You will see the raw HTTP request, starting with word 'POST' and blah-blah-blah. At the end of the request text there should be the login form data, containing your lost password, like the following:
...hl=ru&GALX=b0&Email=D-----a&Passwd=12345&PersistentCookie=yes&rmShown=1&signIn=%D0%
- Find the password field there. It should have the name Passwd= or password= or something like that. Whatever follows the '=' up to the '&' is you lost password (in this case, the password in 12345, which is, of course, a faked one :)).
- Do not forget to restore you proxy settings in your browser :)
1 comment:
Thanks. I lost my password for my ISP but due to your instructions i found it again.
Post a Comment