By using dsniff, you have discovered exactly why, when developing sites with authentication, it is mandatory to use TLS to encrypt communications.
The encryption layer obfuscates the inner workings of the HTTP protocol inside a "protected" tunnel, and dsniff
is not able to obtain the unencrypted stream under normal conditions.
For more information, I will leave a link to TLS, and also to an answer of mine on security / stackexchange.
From the link:
The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated at the start of the session (see Handshake Protocol). The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted (see Algorithm). The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places himself in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected). The identity of the communicating parties can be authenticated using public key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server). The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.
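Added example, not part of the original answer: a small audit check for payloads from your own test capture that reports which credentials a passive observer could read from cleartext HTTP, and reports nothing once the same connection is wrapped in TLS records. The sample payloads, the host `example.test` and the list of secret field names are constructed assumptions for the example.

```python
import base64
import re
from urllib.parse import parse_qs

# Form field names treated as secrets (assumption for this example).
SECRET_FIELDS = {"password", "passwd", "pwd", "pass"}
# TLS record content types: change_cipher_spec, alert, handshake, application_data.
TLS_CONTENT_TYPES = {20, 21, 22, 23}


def looks_like_tls_record(payload: bytes) -> bool:
    """True if the payload starts with a TLS record header (type, 0x03 0x0X, length)."""
    return (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4)


def cleartext_credential_findings(payload: bytes) -> list[str]:
    """Describe credentials readable on the wire; secret values are never returned."""
    if looks_like_tls_record(payload):
        return []  # only ciphertext is visible to an observer
    head, _, body = payload.partition(b"\r\n\r\n")
    findings = []
    m = re.search(rb"(?im)^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", head)
    if m:
        try:
            user = base64.b64decode(m.group(1), validate=True).split(b":", 1)[0]
            findings.append(f"basic-auth user={user.decode(errors='replace')}")
        except ValueError:
            findings.append("basic-auth (malformed token)")
    if re.search(rb"(?im)^Content-Type:\s*application/x-www-form-urlencoded", head):
        fields = parse_qs(body.decode(errors="replace"))
        for name in sorted(SECRET_FIELDS & {k.lower() for k in fields}):
            findings.append(f"form-field {name}")
    return findings


# Constructed sample payloads (not captured traffic).
HTTP_BASIC = (b"GET /admin HTTP/1.1\r\nHost: example.test\r\n"
              b"Authorization: Basic " + base64.b64encode(b"alice:example-pw") + b"\r\n\r\n")
HTTP_FORM = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             b"user=alice&password=example-pw")
# TLS 1.2 application_data record header followed by stand-in ciphertext bytes.
TLS_RECORD = bytes([23, 3, 3, 0, 32]) + bytes(range(32))

if __name__ == "__main__":
    for label, data in [("basic", HTTP_BASIC), ("form", HTTP_FORM), ("tls", TLS_RECORD)]:
        print(label, cleartext_credential_findings(data))
```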