You can get anybody’s internet account password, if you have Mozilla Firefox browser with an add-on named HTTPFox installed.
HTTPFox sits in between the network and FF browser and captures all the traffic in between. You can view the Requests and Responses going in between. When you enter an information into a form on a web page like a login page and click the submit button you are sending the information either as a GET or as a POST request to the web server. Example of a GET request is what you enter in a Google Search box. When you click search you can see that the results page will have a URL like :- http://ww.google.com/search?q=SEARCH QUERY (it may have some more creepy stuff like your browser info or your language preference but the basic structure is this) You can see that the part you entered is visible along with the URL.
POST requests are different in that you can’t see the data as part of the URL. An example would be any login information you enter on a website.
Follow these steps : (Checkout this Screenshot for detailed instructions)
1. Install HTTPFox extension for FireFox.
2. Restart Firefox, now you will see a small green and blue icon on the lower right side of the status bar.
3. Click on the icon to expand HTTPFox pane and go to any login page.
4. Click Start to start the capture. Enter the login information (username, password) and click Submit (or hit enter)
5. You will seethe data transfer in a categorised and formatted way here. Look at the 5th column named Method. Most of it will be GET. Click on it to bring the POST ones on top. Select a post transfer by clicking on it and then Click POST Data tab on the lower pane of HTTPFox. Here select Raw radio button. check for the sername somewhere in the string shown. Near to the username will be the password. Before each variable (password username etc) you can see an = symbol)
6. This is the password you need. To make this a stealth operation 😉 , after Start minimise the HTTPFox window. And whe nobody is arround open the window stop the transfer and look for the password.
As you get familiar with this it will be a lot easier to findout the password from the RAW data. For any webpage use all caps testusername and teastpassword approach shown in the screenshot to locate the password field.
If you have any questions or doubts contact me or leave a comment.