Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Msgsnarf

  1. #1

    Arrow Msgsnarf

    Has anyone successfully gotten msgsnarf to work with AIM? I can get some information such as "[screenname] has signed off", but I cannot view conversations.

    I installed AIMsniff on Back|Track 3, and it worked fine, but I would like to get msgsnarf working with AIM.

    I'm using a .cap file looped back on lo by the way, stripped by airdecap.

    Does anyone have any suggestions?






    *There is one other thread on msgsnarf HERE, but didn't seem to be of any use.

  2. #2

    Default

    Has anyone on here sucessfully used msgsnarf to sniff AIM conversations?

  3. #3
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Default

    Why dont you just use wireshark? and sniff the network traffic to grab convo's and what not. Should be easy if you and the other PC you are trying to sniff is on a hub. If you have a router that manages NAT, you may need to use ARP Spoofing to relay all the packets through your connection and you will be the 'man in the middle' to read them all. Ethercap from what I hear is a good tool to use. Although i have not used it myself to sniff packets or do an ARP Poison.

    Here is a link i just found while searching google for Msgsnarf
    http://forums.remote-exploit.org/showthread.php?t=2858

    Search pulls through again...

  4. #4

    Default

    Quote Originally Posted by Mr-Protocol View Post
    Why dont you just use wireshark?
    I have used Wireshark to look at the packets, multiple times actually, but it won't show the conversations.

    I've never used Wireshark+Ettercap (together), I think I'll try that

    Quote Originally Posted by Mr-Protocol View Post
    Here is a link i just found while searching google for Msgsnarf
    http://forums.remote-exploit.org/showthread.php?t=2858
    I've read/used that thread many times. I have it saved on my computer actually. msgsnarf still doesn't intercept AIM conversations though

  5. #5
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Default

    are you trying to grab IM convo's of a PC on your local network via router? or over the internet to someone elses computer and their AIM client?

  6. #6

    Default

    Quote Originally Posted by Mr-Protocol View Post
    are you trying to grab IM convo's of a PC on your local network via router? or over the internet to someone elses computer and their AIM client?
    Over my network with a D-link router.

    I can see "____ just signed off" when a buddy signs off, but I can't see any IM's.

  7. #7
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Default

    Well there is I think 2 things you can do.

    1) Disable the firewall in the router which should allow all packets to be broadcast on some routers. (Not too sure on this)

    2) ARP Spoof/Poison with ethercap and sniff the packets and analyze later.

  8. #8
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    7

    Default

    I'm not sure why you can't see the message. I was able to accomplish this by capturing wireless packets from my laptop and read a yahoo message I sent in it's entirety in wireshark.

  9. #9

    Default

    Quote Originally Posted by dotsun View Post
    I'm not sure why you can't see the message. I was able to accomplish this by capturing wireless packets from my laptop and read a yahoo message I sent in it's entirety in wireshark.
    I'm not sure if you have AIM, but if you do, do you mind trying with AIM and seeing if you can read the IM's?

  10. #10
    Just burned his ISO
    Join Date
    Aug 2008
    Posts
    7

    Default

    Well I installed aim and tested. I can't read the message in wireshark. That got me to thinking and I realized that I had actually sent the message that I was able to read using kopete from my linux lappy. So I installed yahoo messenger on my xp box and sent a message and I can't read it in shark either. I'm gonna test some more and see what I can come up with.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •