
How do you sniff an IP using Live Messenger?


11 replies to this topic

#1 Mr_H4N

Mr_H4N

    Will I break 10 posts?

  • Members
  • 3 posts
  • Gender:Male

Posted 03 January 2010 - 12:27 AM

Hi guys, first off, a very happy new year.

I'm a new user here, and I have a good programming and security related background. I know a few things here and there about hacking, but have never tried any as such.
Anyways, on to the topic of this post:

I was on Live Messenger, and was chatting with a "self-declared" hax0r. After some time, he found out my IP (my personal IP, even though my ISP uses a proxy). I did not click on ANY link, my computer did not have any trojans/worms/viruses, and I definitely did not fall for any "direct connection" attempt.
All I did was talk to him. I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP? Wouldn't it just show my traffic through the Live messenger?

Please help me....

Thanks,

Mr_H4N.

#2 tekio

tekio

    5(R1P7 |<1DD13

  • Binrev Financier
  • 1,112 posts
  • Gender:Male
  • Location:The Blue Nowhere

Posted 03 January 2010 - 12:47 AM

The best way to find out is to get two MSN Messenger accounts and possibly two different internet connections and do a little investigating. Personally, I do not know how MSN Messenger works; is it a direct connection between the clients, or do the clients communicate through a server? A little experimenting should give the answer.

#3 dinscurge

dinscurge

    "I Hack, therefore, I am"

  • Members
  • 936 posts
  • Gender:Male
  • Location:the bunker

Posted 03 January 2010 - 01:01 AM

Hmm.. I've never tried with 2 accs/computers, but whenever I've filtered it, it does show the username/email on the packets/Wireshark shows it. But it gives a generic sender/destination, so it does use a server. Maybe sending files or something, idk.

#4 Mr_H4N

Mr_H4N

    Will I break 10 posts?

  • Members
  • 3 posts
  • Gender:Male

Posted 03 January 2010 - 05:25 AM

Well, it works by connecting to the Live Messenger's server. The connection takes place through that.
I think it's a patch to the direct connection trick which was used before. If you try netstat -a, you get the IP of the server to which the messenger is connecting, and not the actual IP of the person.

#5 SchippStrich

SchippStrich

    SUP3R 31337 P1MP

  • Members
  • 293 posts
  • Gender:Male
  • Location:USA

Posted 05 January 2010 - 05:27 AM

I believe he used ettercap/Wireshark to sniff my traffic, but would that give away my real IP?

He would have to be on the same network segment to be able to sniff your traffic using Ettercap. As for Wireshark, any one of the routers/devices which your traffic passes along from source/destination. Yes, if the sniffer sees the data, meaning it's there, then it would be able to parse out the IP header from which your IP would be located.

Edited by schippystrich, 30 January 2010 - 04:12 AM.
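Added example, not part of any post in this thread: a minimal IPv4 header parser showing which two addresses a capture actually exposes. The addresses are constructed; `CLIENT` stands for your own machine and `RELAY` for a messaging server, so for relayed chat traffic the header names only you and the server, never the other participant.

```python
import socket
import struct

CLIENT, RELAY = "192.0.2.10", "198.51.100.25"  # constructed sample addresses
FMT = "!BBHHHBBH4s4s"                          # fixed 20-byte IPv4 header


def checksum(header):
    # One's-complement sum of 16-bit words, as used by the IPv4 header.
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, payload_len=0, proto=6):
    # Builds the constructed sample input: version 4, IHL 5, TTL 64, TCP.
    fields = [0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)


def parse_header(packet):
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, ttl, proto, _, src, dst = struct.unpack(
        FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ttl": ttl,
        "proto": proto,
        # Summing a header that includes a correct checksum folds to zero.
        "checksum_ok": checksum(packet[:ihl]) == 0,
    }


def visible_endpoints(packet):
    # The only addresses an on-path observer learns from this packet.
    header = parse_header(packet)
    return header["src"], header["dst"]
```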


#6 Powermaniac7

Powermaniac7

    mad 1337

  • Members
  • 138 posts
  • Gender:Male

Posted 17 January 2010 - 04:10 AM

Link scroll down the page and your questions shall be answered.

#7 dinscurge

dinscurge

    "I Hack, therefore, I am"

  • Members
  • 936 posts
  • Gender:Male
  • Location:the bunker

Posted 17 January 2010 - 05:14 PM

Link scroll down the page and your questions shall be answered.

Ha, lucky guess lols. Ty for linkz.

#8 Aghaster

Aghaster

    The Frenchman

  • Agents of the Revolution
  • 2,093 posts
  • Gender:Male
  • Location:Quebec, Canada

Posted 17 January 2010 - 08:40 PM

Most of the traffic that goes through Windows Live Messenger is proxied through Microsoft's servers. To get someone else's IP address you'll need to trigger a part of the protocol that will establish a direct connection between you and the other person; that can usually be done with a large file transfer or during a webcam session. Beware that file transfers can also be proxied through Microsoft, which can normally be noticed by the super slow transfer speed. Google about it, and you'll find a couple of guides that will tell you what can cause a direct connection between you and the other person, long enough so that you can use netstat to see your system's current connections, to then guess which one is the good one.

#9 CYB

CYB

    Will I break 10 posts?

  • Members
  • 8 posts
  • Gender:Male

Posted 27 January 2010 - 09:45 PM

This is an MSN IP grabber I've found. Never tried it but I've been meaning to get it. IDK if it works or not either, ahah.

It's called IPGet v1.5.

Maybe this helps a lil... =)

http://rapidshare.co.../IPGet_1.50.rar

#10 Mr_H4N

Mr_H4N

    Will I break 10 posts?

  • Members
  • 3 posts
  • Gender:Male

Posted 29 January 2010 - 09:59 PM

This is an MSN IP grabber I've found. Never tried it but I've been meaning to get it. IDK if it works or not either, ahah.

It's called IPGet v1.5.

Maybe this helps a lil... =)

http://rapidshare.co.../IPGet_1.50.rar


Ok first off, that script does not work anymore.

Anyways, it is *supposed* to work by using Wireshark to sniff the MSNMS protocol and making your buddy change his/her display picture (or Avatar, but called a display picture in WLM). I have tried it, but it doesn't work, or at least, I'm not able to generate the packet(s) containing the IP address of either my computer, or my friend's. The logic behind this is that when a display picture is changed, the cache in OUR computer is updated with your buddy's new display picture. This is initiated via a DCC to your computer. By analysing these packets, you're supposed to get the internal and the external IP address of the user. I was not able to generate any such package. Anybody use Wireshark here?

#11 Syx

Syx

    Will I break 10 posts?

  • Members
  • 8 posts
  • Gender:Not Telling
  • Location:The desert.

Posted 27 February 2010 - 03:47 PM

Sorry if I bump this, I'm new around here.

So, a way of obtaining an IP (the one I usually end up doing) is getting them to send me an email.
Email headers contain a lot of information and within all that is the X-Originating IP where their
IPA is found.

If you want to do it on the fly then I'd recommend you to send some random picture, then catch it.

For Windows users, a trick I used to do was I made a batch script that adds binary data to a picture in a
continuous loop, extending the filesize as it loops. This has proven a good method for sending "small"
pictures but since their size is constantly growing, the download process extends.

The trick here is to send the file and when the contact starts downloading, execute the batch file
that adds big blocks of random data to the image. This will give you a bigger window for catching the IPA.

There are really a lot of ways to do a simple task in the computer world, you just have to start from
where you are most comfortable with.

Anyone is free to correct anything I have posted... and my English is not perfect. (Not my first language)
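Added example, not part of Syx's post: a header audit to run on a message you have sent to yourself, to see whether your mail provider stamps your client address into `X-Originating-IP` or the first `Received` hop, and whether that address is internal (RFC 1918) or external. The sample message, host names and addresses are constructed.

```python
import email
import ipaddress
import re

# RFC 1918 ranges: addresses that only mean something inside the sender's LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample message; hosts and addresses are made up.
SAMPLE = (
    "Received: from mx.example.org ([198.51.100.7]) by inbox.example.com; "
    "Sat, 27 Feb 2010 15:50:02 +0000\n"
    "Received: from laptop ([192.168.1.20]) by webmail.example.org; "
    "Sat, 27 Feb 2010 15:50:00 +0000\n"
    "X-Originating-IP: [203.0.113.45]\n"
    "From: sender@example.org\n"
    "Subject: header audit\n"
    "\n"
    "test body\n"
)


def _ips(text):
    found = []
    for token in IPV4.findall(text):
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:  # looks like an address but is not, e.g. 999.1.1.1
            pass
    return found


def _scope(ip):
    return "internal" if any(ip in net for net in RFC1918) else "external"


def disclosed_client_ips(raw_message):
    # Returns (header, address, scope) for fields that can name the sender's host.
    msg = email.message_from_string(raw_message)
    findings = []
    for value in msg.get_all("X-Originating-IP", []):
        findings += [("X-Originating-IP", str(ip), _scope(ip)) for ip in _ips(value)]
    received = msg.get_all("Received", [])
    if received:
        # Last Received header = first hop; only its "from" clause names the client.
        from_clause = re.split(r"\s+by\s", received[-1], maxsplit=1)[0]
        findings += [("Received", str(ip), _scope(ip)) for ip in _ips(from_clause)]
    return findings
```

An empty result for your own test message means neither field carried a client address.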

#12 elvis parker

elvis parker

    Will I break 10 posts?

  • Members
  • 4 posts
  • Gender:Male
  • Location:United States of America

Posted 08 January 2012 - 02:51 PM

This is an MSN IP grabber I've found. Never tried it but I've been meaning to get it. IDK if it works or not either, ahah.

It's called IPGet v1.5.

Maybe this helps a lil... =)

http://rapidshare.co.../IPGet_1.50.rar


This will not work on Windows 7.



