Skip to content

Schaechner/http-website

Repository files navigation

http-website

A http:// website for demonstration purposes how to hack it

Pay attention!

The Github website may not run correctly!
Please clone them and then run them on yours!
You also need to verify that your URLs are all correct. Go through each file and see if it's the correct URL!

Nothing works?

If nothing works, please write to me or leave a message under "Issues"!


If you like this article, I would appreciate a comment & like! Thanks!


1. What you need

  • http website with username/password form (no https!)
  • Wireshark
  • Internet connection

1.1 Choose http website

Which unencrypted website should I use? Is that unsafe then? Should I look for one online? NO! I will soon publish my own http website on Github so you can try it out! You can of course also find them here!

Install Wireshark on your first device

To be able to read the access data yourself, you need a program called "Wireshark". Have you ever heard of this? No? / Yes? Feel free to write it in the comments! We need this. You can easily install this on your device using the link below! https://www.wireshark.org/download.html You'll have to tap "Next" quite a few times, but you can leave all the settings as they are. Also note that other apps will also be installed! When you start the app it should look like this:

Image description

Using XAMPPon your second device

For Windows you can use the app XAMPP for a local web server:

Image description The Github web server files should then be in this folder: C:\xampp\htdocs.

Run website

Now when you are done with the installation, you need to go to this page on your second device: http://localhost/http-website-main/index.html It should look like this:

Image description ✅ Well done!

  • Open Wireshark and choose your main network with a double click:

Image description

  • Search for http and tip enter This is the filter that only allows http requests

Image description

  • Tap "Login" in your website

Image description

  • You should be logged in

Image description

  • Anywhere, there should be something like this with x-www-form-urlencoded

Image description

  • Tap on this
  • Scroll down and expand the last one (HTML Form URL encoded):

Image description


Great, you did it! Note that this is to help you understand how hackers work. This should not be a suggestion to actively use this for hacking!


Thanks for your attention, schBenedikt