Hello and welcome to this course where we're talking about python four credential access. In this video, we're going to be talking about network sniffing and how we can use python for network sniffing to gain access to the credentials associated with user accounts. It's important to think about the fact that user credentials are commonly transmitted over the network. You think about it, if you're trying to login to a remote computer via remote service using SSH, RDP, VPN, etc, maybe access a file server via FTP, then you're needing to send cryptic credentials to those remote services to authenticate yourself. Similarly, if you want to log into a web application that has a user account that's protected, you're going to need to prove your identity by sending your username and password to that web application. What this means is that at some level or some point, your user credentials are being transmitted over the network from one computer to another. In most cases, this isn't a problem for security. Some protocols have built-in encryption, for example, SSH, SFTP, etc, that S is for secure, and the reason why it's secure is that there's encryption around all of the data being transmitted, meaning that nobody is going to be able to sniff your user credentials off the network. Alternatively, you have protocols like HTTPS, which are wrapped in TLS encryption, and this means that even though HTTP, the protocol that's actually doing all of the data transfer and might be carrying your credentials, HTTP might not be a secure protocol on its own, but by taking advantage of TLS or SSL, it's all encrypted in a way that protects your credentials from being compromised. Security best-practice states that all protocols containing sensitive data, user credentials, etc, should either have built-in encryption or be using TLS wrappers to encrypt all of the traffic. However, those protections may not always be in place. As I mentioned, there's a few protocols where there isn't built-in encryption. Take Telnet or SMTP or HTTP, all of these protocols are transferring potentially user credentials over the network in an insecure fashion. If they're configured correctly to use TLS as a wrapper, then there's not a big problem. However, if those protocols are set up to not use TLS, then there's the potential that someone who's monitoring the traffic flowing over the network might be able to identify and extract credentials from them. Sometimes even if a system is properly configured, there's the potential for leakage of credentials and network traffic. For example, if an organization might be using a proxy server so that it can intercept connections and perform deep packet inspection. This is a common technique to help filter use of inappropriate sites by employees on a network or to search for malware that's contained within encrypted network connections like HTTPS. In order to perform that deep-packet inspection, the proxy needs to decrypt the data, meaning that it's breaking the TLS encryption at that particular point, you have an encrypted connection from the client to the proxy and one from the proxy to the server, but there's that gap in the middle between those connections that's unencrypted. Why this is relevant to this course is that we're going to talk about using python to sniff traffic from insecure protocols. We are either making the assumption that someone's incorrectly used insecure FTP, Telnet, SMTP, etc, or that the encryption is broken at a particular point due to deep-packet inspection and an attacker has the ability to inspect the traffic at that point. We'll look at how to identify and extract user credentials from network traffic in the next video. Thank you.
