Hello,
I’m totaly new here and also new to Wireshark. I don’t speak English natively, so my apologies for my bad English.
As ICT employee at an elementary school I recently discovered unauthorized access (unknown MAC - not from a school pc) to our firewall through one of the admin accounts. Using Wireshark I have been able to track down the packets sent during this unauthorized access, but unfortunately Wireshark couldn’t retrieve the credentials so I don’t know which admin account is compromised. I encountered the output “application/x-www-form-urlencoded” in Wireshark. Regrettably I haven’t been able yet to find out how to unveil the used login and password.
Can somebody please tell me how to decode or decrypt the “application/x-www-form-urlencoded” output in Wireshark ?
cropped screenshot:
Thanks a lot in advance.
Kind regards.