 |
 |
What is
MSN Shadow?
MSN Shadow is a forensics tool developed to demonstrate several security proofs of concept in the MSN protocol.
Is it
possible to spoof MSN?
Yes...
The tool will save the sequence number and ack number of every
connection sniffed. When the user spoof one of the sides of the
connection, this numbers will be used and the software will send a RST packet.
With the RST packet the connection will close. In free software clients
like Kopete and aMSN, it will appear a message informing that. But in
official clients, this situation will not be perceived. This packet is
necessary because the spoofing will change the sequence number of the
side and the synchronism will be wronged.
The spoofing mechanism can be improved and I'm working for it! But, for
now, it works.
The Hijack test will do the same thing of the spoofing, but it will do
two iptables rules, hindering the packets from one side to achieve
another(considering you are doing a arpspoof or a dos attack of one
side). And a new window will appear allowing you to continue the
conversation as you were the hijacked person.
The kick user command will send a RST packet to connection of the
selected user with the server. This connection will be find out
selecting special packets sent only by the server.
How do
you sniff video?
Video is just binary code inside the packet. The only thing
it needs is the decoder process.
Like Kopete or aMSN, MSN Shadow uses libmimic API[1] for
decode video packets and show them to the user. To save the video, is
necessary the 'mencoder' software, which can be downloaded from MPlayer
site[2].
For technical information, I initializes de decoder init
function of the libmimic API with a frame key video of a webcam
connection which I sniffed.
Who did
make this tool?
A brazilian developer, Gabriel Menezes Nunes.
|
|
 |
|
 |
MSN
Shadow
