Working packet sniffers

[BoogieManTM]

Are there any out there that still work?

I mean specifically one that does the following:

A) Decrypts packets from both directions
B) dumps the packets prior to encryption/after decryption

Wireshark doesn't cut it for these two, without manually pulling the session key down and doing it yourself.

[lanman92]

Didn't they change the encryption so that you couldn't find the key through sniffing now? You used to be able to do it quite simply, and it would be caught by the time you logged in. Something to do with the 'size' field in the packet and brute forcing it through that if I'm not mistaken. You probably know this though...

[BoogieManTM]

Yes, it was pretty easy to passively sniff packets. It used to be simple XOR on the headers with a 40 byte key, now it's RC4. I guess i'll just write something to decrypt a pcap dump (just need to pull the key from memory every session)

[SinnerG]

TOM_RUS has something like that, but I forgot the link.

[XTZGZoReX]

(This post has been resolved; I spoke to Boogie on IRC.)

[bluez31]

Forgive me for being somewhat off topic, but can someone send me some decrypted captures? I'd like to take a peek at what kind of data can be read and utilized. Thanks.

[miceiken]

Forgive me for being somewhat off topic, but can someone send me some decrypted captures? I'd like to take a peek at what kind of data can be read and utilized. Thanks.

Err, what do you think? All data comes from server to client...

[Robske]

I hooked all packet handlers, am I crazy?

[BoogieManTM]

I hooked all packet handlers, am I crazy?

Indeed you are.

I'm much more interesting in Client->Server packets, anyways

[caytchen]

Indeed you are.

I'm much more interesting in Client->Server packets, anyways

That would be one function only then

[Jadd]

Send me some telehacks?