Is my form password being passed in clear text?

Posted by liinkas on Stack Overflow See other posts from Stack Overflow or by liinkas
Published on 2008-09-28T15:58:40Z Indexed on 2010/04/23 2:13 UTC
Read the original article Hit count: 354

Filed under:
|
|

This is what my browser sent, when logging into some site:

POST http://www.some.site/login.php HTTP/1.0
User-Agent: Opera/8.26 (X2000; Linux i686; Z; en)
Host: www.some.site
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: en-US,en;q=0.9
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
Referer: http://www.some.site/
Proxy-Connection: close
Content-Length: 123
Content-Type: application/x-www-form-urlencoded

lots_of_stuff=here&e2ad811=my_login_name&e327696=my_password&lots_of_stuff=here

Can I state that anyone can sniff my login name and password for that site? Maybe just on my LAN?
If so (even only on LAN ) then I'm shocked. I thought using

<input type="password">

did something more than make all characters look like ' * '

p.s. If it matters I played with netcat (on linux) and made connection
browser <=> netcat (loged here) <=> proxy <=> remote_site

© Stack Overflow or respective owner

Related posts about http

Related posts about html-form