Wednesday, November 7, 2007

What is MSN Shadow?

MSN Shadow is a forensics tool developed to demonstrate several security proofs of concept in the MSN protocol.

Is it possible to spoof MSN?

Yes...
The tool saves the sequence number and ACK number of every connection it sniffs. When the user spoofs one side of the connection, these numbers are used and the software then sends a RST packet.
The RST packet closes the connection. Free software clients like Kopete and aMSN display a message reporting this, but in the official clients the situation goes unnoticed. The RST packet is necessary because the spoofing changes the spoofed side's sequence number, so the two ends lose synchronization.
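From the monitoring side, the desynchronization described above is itself the detectable artifact. The following is an added example, not part of the original post or of MSN Shadow: a passive check over a constructed capture that flags traffic arriving from a sender after "its" RST and segments that reuse a sequence range with different bytes. The addresses, payloads and the `find_injection_signs` name are assumptions; flows are keyed by address pair only and sequence wraparound is ignored.

```python
from collections import defaultdict

# Constructed sample capture of one TCP connection (addresses and payloads are made up).
# Fields: (src, dst, seq, flags, payload)
SEGMENTS = [
    ("10.0.0.5", "192.0.2.10", 1000, "PA", b"hello\n"),        # genuine client data
    ("192.0.2.10", "10.0.0.5", 5000, "A", b""),                # server ACK
    ("10.0.0.5", "192.0.2.10", 1006, "PA", b"forged text\n"),  # injected with sniffed seq
    ("10.0.0.5", "192.0.2.10", 1018, "R", b""),                # RST sent after the injection
    ("10.0.0.5", "192.0.2.10", 1006, "PA", b"real text\n"),    # genuine client, unaware
]

def find_injection_signs(segments):
    """Return (index, reason) findings for a list of captured segments."""
    seen = defaultdict(dict)  # flow -> {absolute sequence number: byte value}
    reset = set()             # flows on which a RST has been observed
    findings = []
    for i, (src, dst, seq, flags, payload) in enumerate(segments):
        flow = (src, dst)
        # A host that really reset the connection does not keep sending on it.
        if flow in reset:
            findings.append((i, "traffic from sender after its own RST"))
        if "R" in flags:
            reset.add(flow)
        # A retransmission repeats the same bytes; a second sender writing at the
        # same sequence numbers produces different bytes for the same offsets.
        conflict = False
        for off, byte in enumerate(payload):
            if seen[flow].setdefault(seq + off, byte) != byte:
                conflict = True
        if conflict:
            findings.append((i, "same sequence range, different bytes"))
    return findings

if __name__ == "__main__":
    for index, reason in find_injection_signs(SEGMENTS):
        print(f"segment {index}: {reason}")
```

A plain retransmission (same sequence number, same bytes) produces no finding, so the check separates packet loss from a second party writing into the stream.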

The spoofing mechanism can be improved and I'm working on it! But, for now, it works.

The Hijack test does the same thing as the spoofing, but it also creates two iptables rules that prevent packets from one side from reaching the other (assuming you are running an arpspoof or a DoS attack against one side). A new window then appears, allowing you to continue the conversation as if you were the hijacked person.

The kick user command sends a RST packet to the selected user's connection with the server. This connection is identified by looking for special packets that are sent only by the server.

How do you sniff video?

Video is just binary data inside the packet. The only thing it needs is a decoder.
Like Kopete and aMSN, MSN Shadow uses the libmimic API[1] to decode video packets and show them to the user. Saving the video requires the 'mencoder' software, which can be downloaded from the MPlayer site[2].
For technical information: I initialize the decoder init function of the libmimic API with a video key frame from a webcam connection which I sniffed.

Who made this tool?
A Brazilian developer, Gabriel Menezes Nunes.

2 Comments:

Blogger whois said...

you have to zip libmimic1.0.4 deb? Because the links no longer

December 28, 2008 at 12:20
Blogger whois said...

you have to zip libmimic1.0.4 deb? Because the links no longer

December 28, 2008 at 12:21
