Has anyone on here successfully used msgsnarf to sniff AIM conversations?
Has anyone successfully gotten msgsnarf to work with AIM? I can get some information such as "[screenname] has signed off", but I cannot view conversations.
I installed AIMsniff on Back|Track 3, and it worked fine, but I would like to get msgsnarf working with AIM.
I'm using a .cap file looped back on lo by the way, stripped by airdecap.
Does anyone have any suggestions?
*There is one other thread on msgsnarf HERE, but it didn't seem to be of any use.
Why don't you just use Wireshark and sniff the network traffic to grab convos and whatnot? Should be easy if you and the other PC you are trying to sniff are on a hub. If you have a router that manages NAT, you may need to use ARP spoofing to relay all the packets through your connection, and you will be the 'man in the middle' to read them all. Ettercap, from what I hear, is a good tool to use, although I have not used it myself to sniff packets or do an ARP poison.
Here is a link I just found while searching Google for msgsnarf:
http://forums.remote-exploit.org/showthread.php?t=2858
Search pulls through again...
I have used Wireshark to look at the packets, multiple times actually, but it won't show the conversations.
I've never used Wireshark+Ettercap (together), I think I'll try that.
I've read/used that thread many times. I have it saved on my computer actually. msgsnarf still doesn't intercept AIM conversations though!
Are you trying to grab IM convos of a PC on your local network via router? Or over the internet to someone else's computer and their AIM client?
Well, there are, I think, 2 things you can do.
1) Disable the firewall in the router which should allow all packets to be broadcast on some routers. (Not too sure on this)
2) ARP spoof/poison with Ettercap and sniff the packets and analyze later.
I'm not sure why you can't see the message. I was able to accomplish this by capturing wireless packets from my laptop and read a Yahoo message I sent in its entirety in Wireshark.
Well, I installed AIM and tested. I can't read the message in Wireshark. That got me thinking, and I realized that I had actually sent the message that I was able to read using Kopete from my Linux lappy. So I installed Yahoo Messenger on my XP box and sent a message, and I can't read it in Wireshark either. I'm gonna test some more and see what I can come up with.