Trying to figure out a program to write. . . . Facebook sniffer?

[Virchanza]

OK I'm cutting it close to the wire to think of a program to write for fourth year of my Computer Science course.

All I've decided so far is that it's gonna be a desktop GUI application written in C++ (just like my Dynamo program), and that it will run on at least Linux, MacOS and MS-Windows.

I was thinking of a Facebook sniffer program. Basically it would listen out on a wireless network for packets going to the Facebook servers and it would extract information from these packets, such as the person's display name, their e-mail address login, their profile picture and their password.

So you could go to a public hotspot, run my program and see a list of users who are currently logged on to Facebook from that access point, with their display name and profile picture shown. (And maybe even their password too, I'll have to have a think about that).

The easiest thing to listen out for would be the packet that's sent from a PC to log a user into Facebook, as it would contain the e-mail login and password, and then I could retrieve the user's profile picture along with their display name.

If I don't catch the packet that logs a user in, then maybe I could listen out for subsequent packets that contain cookies, but I'm guessing the cookies might contain info only intelligible to the Facebook servers.

Anyway.... any ideas? Do you think this would be a decent program to put together? (Obviously it won't work if people log in under https).

Any other ideas, I'm all ears.... I really need to submit a proposal this coming week :-O

[snafu777]

Virchanza,

How about a proggie that will parse the contents of packets for emails and then reconstruct them? It would be based off a two-way MITM. I've always had the idea because it's fun to look at emails this way, but I've never seen anything in the wild specifically designed to do so.

[clone]

hello virchanza,

would this be sort of building a gui for ComaX's YAMAS script or similar coding for a gui based network/credentials sniffer? It sounds like a neat idea for a project. I do not mean to come off as rude at all by suggesting this ; but perhaps take a look at some of the GUI tool *interfaces* made by savioboyz. the only word to describe them is *elegant*.

look foward to seeing what you create

[Virchanza]

Spanner in the works!

I had Wireshark running just there while I logged into Facebook using normal HTTP, but straight away I saw a TLSv1 packet originate from my computer going towards the Facebook server.

Wasn't expecting that.

Yeah this project might be a no-goer...... I'd have to do Man In The Middle and play around with dodgy certificates.

[theAud1t0r]

.... I'd have to do Man In The Middle and play around with dodgy certificates.

If it were easy it would already be done ^.^
More effort then your projects entails I assume..

Good luck though.. hope you come up with something 1337..

[M00kaw]

How about something that spoof's ssl-keys ?

Im thinking, if you ssh to a linux server, ssh will ask you to accept the key for that specific server.
Lets say, that you're a man-in-the-middle and I join, the first thing i do is to ssh to my server. You see the request and quickly ssh to my server too, gettinig the key.
Now, you're using that key towards me, that way my ssh-client wont notice a thing. I enter the password, and you save it.
Then you "stop" the man-in-the-middle attack towards me, and i can go ssh to my server like nothing has happend...

Dunno if that sounds plausible, but I think that's an app i haven't come across yet..
Gui or nor really doesn't matter to me tbh - but, this will work on multiple operating systems i guess.. And it wall make a great foundation for a nice report on the subject..

Just an idea i've had for some time...
Remember to pulbish it under GNU licens when you're done

[Scamentology]

this - something that accepts the cert and either forwards it or uses another cert. This way the the page is still https rather than stripping it out to http.

How about something that spoof's ssl-keys ?

Im thinking, if you ssh to a linux server, ssh will ask you to accept the key for that specific server.
Lets say, that you're a man-in-the-middle and I join, the first thing i do is to ssh to my server. You see the request and quickly ssh to my server too, gettinig the key.
Now, you're using that key towards me, that way my ssh-client wont notice a thing. I enter the password, and you save it.
Then you "stop" the man-in-the-middle attack towards me, and i can go ssh to my server like nothing has happend...

Dunno if that sounds plausible, but I think that's an app i haven't come across yet..
Gui or nor really doesn't matter to me tbh - but, this will work on multiple operating systems i guess.. And it wall make a great foundation for a nice report on the subject..

Just an idea i've had for some time...
Remember to pulbish it under GNU licens when you're done

[Gitsnik]

Left field, something I've been working on lately. Purely for hypothetical purposes of course .

Fake emails into a mailbox.

So that you could say:

On the 23rd of August 2003 I received an email from gitsnik@hiswebhost.com which said "x, y and z, regards, gitsnik" with an attachment of "bleh" and a sending mail program of X. Oh and here are the mail headers I also received, the route the email took etc.

It's kind of fun, it's not as public as facebook, but it would be truly terrifying to a lot of people if they actually realised this is possible in so many circumstances. IMAP connections are my particular favourite at why this is scary. At least with my clients, there is an innate trust in the email system. They have trouble believing that people can make an email say from:gitsnik@webhost.com to:gitsnik@webhost.com without them sending it themselves. Imagine how they react when you show them that nothing in there is sacred.

My $0.02.