any simple tools/hacks/websites to show http plain text data vulnerabilities?

[oROEchimaru]

Hello, for http sites that are passing credentials or sensitive data any useful sites or tools that let you quickly identify that http is passing real data in plain text/non encryption?

this is for corporate usage, any useful apps to show this as a security risk? thanks.

 

[Syran]

I would assume, by the very nature of sending it via http vs. https that it would be sent unsecured.

 

[Wiseguy2001]

NetMon

You'll need to set up some filters do get to the juicy stuff. I've used it in the past to show how bad a client's existing system was. Plain text passwords and credit cards

Also, the network tab in the Chrome dev tools is actually pretty telling to see what is being transferred.

Don't forget there's the logs too, but all these tools will only show you what's currently being used, not the vulnerabilities. To find those, you really need to examine the source code.

 

[oROEchimaru]

ok awesome thanks wiseguy

 

[Sgraffite]

I've used Wireshark in the past to do such a thing. I'm unsure but interested in peoples' experience as to how it compares to Netmon.

 

[oROEchimaru]

ok cool. wireshark is a bit of a pain since i'm not the network admin and its a large corporate envrionment. i'll try netmon when i reboot this week. seeing it in plain text in chrome was an eye opener.