I tried to understand difference between HTTP and HTTPs

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

Introduction

I am Akshay Rao working in Annotation Japan, i am interested in cybersecurity so i started to learn about it,in this we will see what will be the practical difference between http and https .

Procedure

Wireshark tool is used to capture the TCP packets and examine them.
There are two websites:-
1- (https disabled) 192.102.104.3

2- (https enabled)192.102.104.4

We will try to put our username:-bee and password:-bug in both the websites and examine each TCP packets. Now i had to setup Wireshark to capture the packets as we put the username, password and click on Login.
Then the Wireshark catch this packet.
First let’s examine the HTTP website’s TCP packet but flowing the TCP stream.

By analysing the TCP/HTTP packet, we can see that the username and password are in text format.

Now we will put the same credentials in the https enabled website(192.102.104.4) and analyse the packet.

The whole HTTP/TCP packet is encrypted and none information is shared including the username and password.

Conclusion

This explains technically that using https enabled websites are better than using https disabled ones.
This experiment was done in ine.com website's pen-testing student course's lab