This is an example of the output produced by Cain's HTTPS sniffer for APR. The data was captured from a test HTTPS login session to http://www.hotmail.com.

===========================================
=== Cain's HTTPS sniffer generated file ===
===========================================

[Client-side-data]
POST /ppsecure/post.srf?lc=1040&id=2&ru=http://www.hotmail.msn.com/cgi-bin/sbox&tw=20&fs=1&cbid=24325&da=passport.com&kpp=2&svc=mail&msppjph=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: it
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Cookie: BrowserTest=Success?; vv=25
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: login.passport.com
Content-Length: 95
Connection: Keep-Alive
Cache-Control: no-cache
Referer: http://login.passport.net/uilogin.srf?id=2

login=testuser@test.test&domain=passport.com&passwd=testpassword&sec=&mspp_shared=&padding=xxxx

[Server-side-data]
HTTP/1.1 200 OK
Connection: close
Date: Wed, 08 Dec 2004 18:33:52 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 25 H: BAYPPLOG2A04 V: 1113
Content-Type: text/html
Expires: Wed, 08 Dec 2004 18:32:52 GMT
Cache-Control: no-cache
cachecontrol: no-store
Pragma: no-cache
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Content-Length: 412

[Server-side-data]
<HTML><HEAD><meta HTTP-EQUIV="Content-Type" content="text/html; charset=iso-8859-1"><META HTTP-EQUIV="REFRESH" CONTENT="0; URL=http://login.passport.com/login.srf?lc=1040&sf=1&id=2&ru=http://www.hotmail.msn.com/cgi-bin/sbox&tw=20&fs=1&cb=&cbid=24325&ts=0&login=testuser%40test.test&domain=passport.com&sec=&mspp_shared=&ec=e5a&seclog=0&kpp=2&svc=mail&msppjph=1"><script>function OnBack(){}</script></HEAD></HTML>