How much data can a packet sniffer steal?

2

1

I know a packet sniffer is really powerful. It can sniff out passwords and images and so on. Can it sniff URLs too? Meaning, if I put my authentication in the URL instead of a cookie, will a sniffer be able to obtain the authenticated session ID from the URL? What about hidden values in form-based authentication? Are they all open to sniffer attacks?

Basically there is no security on a public network (non-https non-ssh)? Not sure how https can be safe as well. I mean, the first handshake attempt will already be sniffed before the connection is established. Not sure how safe that would be.

Thank you.

user413258

Posted 2010-08-20T22:54:35.217

Reputation:

Answers

6

Are they all open to sniffer attacks?

Yes.

Not sure how https can be safe as well.

You aren't reading enough, then.

Start here: http://en.wikipedia.org/wiki/Transport_Layer_Security#How_it_works

Then here: http://en.wikipedia.org/wiki/Transport_Layer_Security#Further_reading

S.Lott

Posted 2010-08-20T22:54:35.217

Reputation: 364

2

A packet sniffer will see the full URL, as it's part of the HTTP GET request - likewise, it'll see hidden FORM items as these are sent across the wire as well (they're 'hidden' inasmuch as they're not visible on the page).

HTTPS is much safer than plain-text information exchange - even if the packets are acquired, there's no way of decrypting them without knowing specifics (private key) stored on the client machine, and these are transient so you wouldn't have much luck finding them.

Will A

Posted 2010-08-20T22:54:35.217

Reputation: 123

1

This question is typical / normal. Encryption seems like a magic wand, but only when it is done right.

Unencrypted text: Every single bit of it is exposed. The cookie, the URL request, the browser you are using, forms, values and prompts, every image, the OS you are using, how many pieces of network equipment are between your computer and the web server, even what time you clicked on the link, down to the millisecond.

Encryption with SSL (https://...) encrypts that information in such a way that the key to the encryption never actually gets sent over the network. The handshake is kind of magic. A mathematical magic, but no less magical unless you have a goodly amount of study in fields like number theory.

I hope this helps. Cryptography is a hard concept to grasp, but critical to today's networks.

Slartibartfast

Posted 2010-08-20T22:54:35.217

Reputation: 6 899
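The point in the answer above, that the encryption key never crosses the network, shown as an added example (not part of the original answer): a Diffie-Hellman style key agreement, one of the key-exchange methods TLS can use. The group parameters `P` and `G` and all function names are constructed for illustration, and the parameters are toy-sized, far too small for real use.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example only (not secure sizes).
P = 2**127 - 1   # a Mersenne prime
G = 3


def keypair():
    """Return (private exponent, public value). Only the public value is sent."""
    priv = secrets.randbelow(P - 3) + 2      # uniform in [2, P-2]
    return priv, pow(G, priv, P)


def shared_key(own_priv, peer_pub):
    """Derive the symmetric key from our private exponent and the peer's public value."""
    secret = pow(peer_pub, own_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def handshake():
    """Run one exchange; return both derived keys, the sniffer's capture, and the private values."""
    wire = []                                 # everything a passive sniffer records
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    wire.append(("client->server", c_pub))    # sent in the clear
    wire.append(("server->client", s_pub))    # sent in the clear
    client_key = shared_key(c_priv, s_pub)    # computed locally, never transmitted
    server_key = shared_key(s_priv, c_pub)    # computed locally, never transmitted
    return client_key, server_key, wire, (c_priv, s_priv)


if __name__ == "__main__":
    ck, sk, wire, _ = handshake()
    for direction, value in wire:
        print(f"sniffer saw {direction}: {value:#x}")
    print("client key:", ck.hex())
    print("server key:", sk.hex())
    print("keys match:", ck == sk)
```

This models only a passive sniffer. TLS additionally authenticates the server with a certificate, so that an active interceptor cannot substitute its own public value during the handshake.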

0

Any of the information in a packet is available to the packet sniffer. Of course encrypted data is in the packet itself but is at the same time not useful. HTTPS establishes its connection using public key encryption, then passes a shared key across the connection. Using public key encryption solves 2 problems: one, it's very CPU intensive to deal with public key encryption/decryption, and two, it allows a shared key to be passed not in the clear.

Blake Arnold

Posted 2010-08-20T22:54:35.217

Reputation:

Just to clarify - you mean "it's very CPU intensive to break public-key encrypted content", don't you? – Will A – 2010-08-20T23:06:31.980

Unless the person configuring it makes a serious mistake, I wouldn't use the phrase "very CPU intensive" to describe how challenging it would be to break SSL encryption. I would say "functionally impossible". The problem is on the order of decades or much much more of computer time. – Slartibartfast – 2010-08-21T05:11:13.923