3 replies to this topic

[Bramming]

Hey BinRev

I've recently toyed around with some SQL injection and buffer overflow writing and found it very interesting. My next goal, however, is network programming. I've designed a task for myself to do this:

I currently have an application that connects to the internet on a given port, and logs in. What I'm trying to do, is intercept the outgoing connection, and write a program that responds to the queries. I am going to analyze the outgoing connection with Wireshark, to see what it "sends" and receives from the server, so I can craft a server program to mimic the behaviour of the real one, thus making it possible to use the program to authenticate to my own server.. However, I have no idea how I can intercept that outgoing connection, and redirect it to my own server. Can anyone point me in the right direction?

Thanks

[phasma]

Not sure if trolled but, what do you mean "connects to the internet on a given port, and logs in."? Are you talking about connecting to a host that has a port you can log in too?(i.e. FTP, SSH etc.)

I'm just trying to better understand what you're trying to do so I can better help. But it sounds to me like your trying to learn more about packet injection.

[Bramming]

Not sure if trolled but, what do you mean "connects to the internet on a given port, and logs in."? Are you talking about connecting to a host that has a port you can log in too?(i.e. FTP, SSH etc.)

I'm just trying to better understand what you're trying to do so I can better help. But it sounds to me like your trying to learn more about packet injection.

Hey. Well, english isn't my native language so i have a hard time explaining myself clearly. But yeah its something with packet injection. I think the best way to explain would be a random example:

Lets say i play a game like world of warcraft. Normally this would happen (simplified):

1. I open the game client
2. The game client connects to the blizzard game servers by saying something like:
"Hi this is [username] with [password] "
3. Blizzard game server responds with "ok, you are now logged in"
4. I play the game, knowing that im connected to blizzard (obviously)

Instead i want this to happen:


1. I open the game client
2. The game client *THINKS* it connects to the blizzard game servers but instead, all the data that would be send to blizzard, is redirected to my own written "server"
3. My "server" processes the data and sends a login message
4. I play the game,thinking that im connected to blizzard, but instead using a different server.

Im not going to try to create my own private WoW server. This is just example of how it works

Sort of like a man-in-the-middle attack, except that the data never reaches the endpoint, just me, who crafts the response.

Hope i made sense

Edited by Bramming, 09 June 2011 - 11:36 PM.

[serrath]

I'm also interested to know if this is possible for some kind of proof-of-concept APR + fake website attack to intercept logins without even having them hashed.