I created ZitaFTP Server in part because I wanted secure file transfer on AmigaOS (something that wasn't available previously). Some seem to think that plain FTP is good enough, so today I'm going to show you just how easy it is to steal passwords from plain FTP. This is something you need to be aware of.

I was going to demonstrate this myself, but unfortunately Wireshark currently won't work on my Windows laptop (npcap is broken). To save time, I've found a video of someone else demonstrating FTP password sniffing using Wireshark. See the video above.

The process is pretty simple:

  • Run Wireshark, and capture network data
  • Search for "USER" or "PASS" in the captured data (hint: Wireshark's filter can be used, as demonstrated in this video)
  • Right-click on the packet containing "USER" or "PASS," and select "Follow TCP stream"
  • Done! The username and password are now in plain view

Anyone who has managed to connect to your network can do this. And, more sophisticated tools are readily available, as is shown in the following video...

EDIT: Changed the video above after YouTube took down the original for "violating community guidelines."

Conclusion

Plain FTP is insecure, and it's pretty easy to sniff your username and password. Anyone who manages to connect to your network can capture network traffic, sniff out your FTP password, and then access/steal your files. Tools to do so are readily available.

The bottom line is: do NOT use plain FTP for file transfer if you value your data. Or, stick to plain FTP and risk being hacked. It's up to you.

Personally, I value security. That's why I wrote ZitaFTP Server. It's a secure FTP server (i.e., an FTPS server). The password sniffing techniques shown above only work with plain FTP (and HTTP), and fail the moment secure connections are used. I highly recommend you stop using insecure plain FTP, and use FTPS instead. Yes, even within your own private network.

Click here to check out ZitaFTP Server
Available for multiple platforms (incl. Windows).