HTTP Sniffing

HTTP stands for 'HyperText Transfer Protocol', and it is the mechanism used to transfer data from one computer to another across the Internet. You can use HTTP to request information from a server, or to send information to a client by wrapping the request or data in a 'packet'.

An HTTP packet consists of a header section which identifies the purpose of the packet (e.g. to request a file), the destination (e.g. the address of the website the file is being requested from), the format of the request (e.g. what type of encoding is used in the main text of the packet), and whether the packet is in one part or has been split up and sent as separate parts (so the server can collect all of the parts it needs before dealing with the request), among other things.

Usually, HTTP packets wing their way across the Internet from one machine to another without any human intervention, and without anyone seeing what the packets contain. However, the data in an HTTP packet is usually just plain text - it is not encrypted in any way and can easily be intercepted, read, and even changed en route by anybody with the appropriate software and technical skill.

The programs used to intercept HTTP requests are known as 'HTTP sniffers' - and they are often used to 'sniff out' important information that can be used maliciously (there are also legitimate uses for HTTP sniffers - for example, they can be useful in debugging applications that rely on the transfer of HTTP packets). Any data sent over plain HTTP is therefore susceptible to interception, and must be presumed insecure.

For this reason, any sensitive data that must be transferred from one machine to another on the Internet should not be sent as a plain HTTP packet. This includes login screens, and forms that collect sensitive personal information such as credit card details. In these instances it is usually best to use HTTPS.

HTTPS is very similar to HTTP; it's just that the data in the packet is encrypted. So even if someone uses an HTTP sniffer, they will not be able to read any of the data without a special 'key' - and that key is held securely on the receiving computer. If a hacker tries to change the data, this will be detected by the receiving machine, because it will no longer be able to decrypt the packet.