Linux - Backtrack Msn Messenger


Stiofang


Hey guys - I'm doing a demonstration on vulnerabilities in Instant Messaging but I'm having a problem finding a reliable MSN sniffer on Linux. I've tried 'imsniff', which comes with BackTrack, and using a MITM ARP spoofing attack on a virtual machine I am unable to sniff any conversations. If I enable verbose logging on imsniff using the -vvv switch it just tells me 'unknown data from an unknown conversation - skipping'.

I can use Wireshark/Tshark to sniff conversations successfully but I need something cleaner. I've looked at msnshadow but it's impossible to install. You need 14 billion different libraries to even remotely get it working.

Any ideas? :)


Why not take your wireshark pcap and make a program to parse it?

Or you could make a program to tcpdump and have it parse on the fly and display in terminal.

There is a .deb for msnshadow for x86

Or, this solution: msgsnarf

root@bt:~# msgsnarf -h
Version: 2.4
Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]

Edited by Mr-Protocol

rm -rf eh? Wowzer, that sounds totally 1337 - Let me try it immediately! :)

I've tried msgsnarf but experienced similar results. Had thought about scripting something to parse the Wireshark output, but why reinvent the wheel if there's stuff already out there that'll do the job.

I'm using an x64 instance of BT5R1 running as a virtual machine on a Hyper-V Core box - Wireshark needs to be removed and recompiled from source in x64 BT5R1 - The default is for it to be b0rk. Not sure if that's relevant but thought I'd throw it out there anyway.


Wireshark works fine on my x64 VirtualBox.

Also, Messenger traffic may be encrypted now?

That's odd! I had to recompile to get it to work.

Yes, I was thinking that conversations might be encrypted, but I can see chats in clear text in Wireshark. They're just difficult to look at because of the hex formatting :)


Well the formatting is because the chat packets are not just strings of chat. It includes stuff like:

  • Sender ID
  • Rec. ID
  • Some checksum
  • The Message

And all of that info (possibly more, those are just examples) separated by a delimiter. I used to play with Yahoo packets a long time ago to make bot logins, brute force, mass IM, and other such programs.

It could be that either it's encrypted, or the "sniffer" cannot identify the new scheme the IM client uses to transmit communication and says "Unknown".

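As an added example (not code from this thread or from any tool named in it), here is a small Python parser that walks a reassembled switchboard TCP stream using the classic MSNP MSG framing: a command line that declares a payload length, followed by a MIME-like payload carrying the message. The passport names, display names and message text are constructed. It illustrates the point made above: a tool has to understand the framing before the conversation reads as anything other than "unknown data", and once it does, the text is visible in the clear to anyone on the path, which is exactly what a cleartext-IM monitoring rule would also see.

```python
import re
from urllib.parse import unquote
# Classic MSNP switchboard framing (assumed for this example): a command line followed by
# a MIME-like payload of exactly the declared length: MSG <passport> <name> <len>\r\n<payload>
MSG_HEADER = re.compile(rb"MSG (\S+) (\S+) (\d+)\r\n")

def frame_msg(passport, name, payload):
    """Build one MSG command (used only to construct the sample stream below)."""
    return b"MSG %s %s %d\r\n%s" % (passport.encode(), name.encode(), len(payload), payload)

def parse_stream(stream):
    """Return (passport, display name, headers, body) for each MSG in a reassembled stream.
    A tool that ignores the declared length sees the MIME bytes as 'unknown data'."""
    msgs, pos = [], 0
    while pos < len(stream):
        m = MSG_HEADER.match(stream, pos)
        if not m:  # ANS, IRO, BYE, ...: single CRLF-terminated lines, skipped
            nl = stream.find(b"\r\n", pos)
            if nl == -1:
                break
            pos = nl + 2
            continue
        length, start = int(m.group(3)), m.end()
        payload = stream[start:start + length]
        if len(payload) < length:  # payload split across TCP segments: wait for more data
            break
        pos = start + length
        head, _, body = payload.partition(b"\r\n\r\n")
        headers = {k.strip().decode().lower(): v.strip().decode(errors="replace")
                   for k, _, v in (line.partition(b":") for line in head.split(b"\r\n"))}
        msgs.append((m.group(1).decode(), unquote(m.group(2).decode()), headers, body))
    return msgs

def chat_lines(stream):
    """Keep only text/plain messages; typing notifications (text/x-msmsgscontrol) are dropped."""
    return [(name, body.decode("utf-8", errors="replace"))
            for _, name, headers, body in parse_stream(stream)
            if headers.get("content-type", "").startswith("text/plain")]

# Constructed sample of a reassembled switchboard stream (not captured traffic).
SAMPLE_STREAM = (
    b"ANS 1 OK\r\n"
    + frame_msg("alice@example.test", "Alice%20A", b"MIME-Version: 1.0\r\n"
                b"Content-Type: text/x-msmsgscontrol\r\nTypingUser: alice@example.test\r\n\r\n\r\n")
    + frame_msg("alice@example.test", "Alice%20A", b"MIME-Version: 1.0\r\n"
                b"Content-Type: text/plain; charset=UTF-8\r\n\r\nmeeting moved to 3pm, bring the badge")
    + frame_msg("bob@example.test", "Bob", b"MIME-Version: 1.0\r\n"
                b"Content-Type: text/plain; charset=UTF-8\r\n\r\nok, see you there")
    + b"BYE alice@example.test\r\n"
)
```

Feed `parse_stream` the reassembled payload of one switchboard TCP session (for example, the bytes exported from Wireshark's "Follow TCP Stream") rather than individual packets, since a message may span several segments.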
