Sniffing — Wireshark

Grab HTTP POST request data

Navigate http://ezi2care.jkm.gov.my/login and fill in the User ID and Password fields.

Start Wireshark and click Login on http://ezi2care.jkm.gov.my/login. Filter for “http” protocol results

Click on the destination 203.217.179.134. Check the description under Packet Details Pane by clicking HTML Form URL Encoded or Hypertext Transfer Protocol — search for userid and password.

On the “Host” row / line, please confirm that the IP we selected above is belongs to the ezi2care.jkm.gov.my

Tips

Alternatively, we can use “http.request.method == “POST” as the filter to show only POST methods under Packet List Pane.