Hoffe das sich hier Leute melden die auch Ahnung davon haben.

Ich habe in nem WLAN bisschen gesniffed :P

habe auch ne menge aufgefangen...

nur versteh ich nicht wirklich wie ich da nen Passwort auslesen soll als beispiel nen MSN Passwort .

APR läuft bekomme nen paar Zertifikate und APR-HTTPS Dateien hiermal nen auszug.....



===========================================
=== Cain's HTTPS sniffer generated file ===
===========================================

[Client-side-data]
POST /ppsecure/sha1auth.srf?lc=1031 HTTP/1.1
Accept: */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; winfx)
Host: login.live.com
Content-Length: 1321
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MSPPre=blaaaa@hotmail.com; MSPCID=7feb1d04d2f578f9; ANON=A=2E1DC31F8E7452AC9AC849D7FFFFFFFF&E=64e&W=44; NAP=V=1.6&E=5f4&C=UAS8Nbi0DeKz1lX2PyrJpo8lbyQ-zvkdlR4dvW5wzhpyucmIGNo1pg&W=45; MUID=F5EAA63DADAB469E83C29BF28CB0715A; MH=MSFT; s_lastvisit=1196773717203



[Client-side-data]
token=ct%3D1196921979%26bver%3D4%26id%3D3%26rru%3D %252Fcgi-bin%252FHoTMaiL%26svc%3Dmail%26js%3Dyes%26pl%3D%25 3Fid%253D3%26da%3D%253CEncryptedData%2520xmlns%253 D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522BinaryDAToken0%25 22%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod% 2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds% 253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValu e%253EARB5ZuDSiOAyY/o0AXgjKa31459RUnQnk70tgfymhuedKEfm6TSJ4yzSawpb2u7j mmT3MPaR9KGD9%252Bf9is%252BLtPucFiVECUrjkNxNj8iJbF he/hpvLq0TsIxKgNdcUpDamv4/rVjYfB0P%252B5Rpg1PWPIjvQ41DNKAskewxsT/BOzLsMUR2euYHt2Qguu/1wsYTN8Nr6FdqJLGfWkp09PdlVP/bQDpi8FGFHTmDWUetbKfY7HLfHiw2r9eGkgFCDYJWGi3nAR9%2 52B3Arm%252B0x9da/0VLEKehHRQYuhEy8ZkaewxEjrxJu8JQbc/20yBUB4X2O/mI69SQJ%252BkIdwiCw8YGmB

[Client-side-data]
Pg8CvDTpjBKpnWOtR1ZR8nlhRexHA%252BLcbwO5%252BhODzW t/7wkghN9v4VT3OObrskqEEcz9Dvy/4BT/u4DMtIW8M3F3iX3GJxRg0NHKdMcUlwnxonB24emQnWFmv/IXyQ%253D%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3D84SK1umkYptnF1264daQ0 bBpmf2zR7SQ%26hash%3DV9qwiIBYm/2BXyx6x6m4rxBXmWY%253D

[Server-side-data]
HTTP/1.1 100 Continue



[Server-side-data]
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 06 Dec 2007 06:19:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 06 Dec 2007 06:18:44 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYPPLOGN3A26 V: 0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: PPAuth=AbP*DWrpWh1okc8DaJqlswM4z2aSKQW7kudPxn0f9WV FjXObCqBH4Khgs0RCfHdttjyQuzo131LXMbCZmUF8EiXQzWpMg OhjcLPD33KopleuuTt6jtVHNGCtsLF6W5MZU7l6mfDPOMbUOJV djXX0et5*1ME7gmLIzpOZsSNEKrLtLBOvh1n6NDqn972OZqflB Dr*m54iRF!EQljsWg$$; domain=login.live.com;secure= ;path=/;HTTPOnly= ;version=1
Set-Cookie: PPLState=1; domain=.live.com;path=/;version=1
Set-Cookie: MSPPre=blabla@hotmail.de;domain=login.live.com;pat h=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: MSPShared= ; HTTPOnly= ; domain=login.live.com;path=/;Expires=Thu, 30-Oct-1980 16:00:00 GMT
Set-Cookie: MSPCID=c0722085794dbdc5; HTTPOnly= ; domain=login.live.com

[Server-side-data]
;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: RPSTAuth=EwDQARAnAAAURATre1Nkcu71L953y0QRAvwyKdOAA CIg9GUXXIfZwXE3jSeDQD%2bCervA7tIgdujb0nLdghaVKzWx% 2b5SKWdBerOYJYc%2beFQUx6FQY0zeNA%2bFSNVwobKZKTkDmO M2vHReZLz%2bCk5L8Wr9Tqu%2bsCUAdcHLEdc%2bDN8nZe5N5e Krj/mTKagM15ORGS0ahHlhG0VpSHnEiM2VxA2YAAAjaiT5OSZGLkCA BPWo33a3PaipvQLb3kbpmwUVOM7fm%2bF/mvhm/1DSHqZ1c25xs9YXA7j5T1IRq1nWcBMd07Kufqb8z1eY0vXDGPK ro5txIM%2bgxTuwVX7aJENz2FLL3RsOIye5otj1iZOSTac4ehz JwldmbaSOFekBuM01w7/3PMVIF64l%2bES2H9zbSgfQDl5d%2bEY3lVAkKA9BpJTZ0cD0n nR6yHJFhpMyGA%2bXWvhXUwbBGFr719UFB3fEFGsefPu%2bH1Y nmpAjhpGd9jACZySINhhJf8toznZ1vsDQQMDuHyJLHOShms0Ke lXBSueDYlb8Yv06hdvISdEh9Y94vHiYrCIrbOoE6cNuorNaK%2 b1UMOx78gn7mKyqQnzDaYX72oJpPALB/Kt5seAiJNgE%3d; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPAuth=2u1ajHu9SEyU7r6icozMSgAr*qGXuyFBYDkEjoqDGM mZW4zG4TrSByHNBy97EmoWJmtxOIeIrLe9!QJWEt3iAGyG9Vjs GvEHT*S2pABXsEDAKDFePhOqlgKWl5BaQhprF!; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPProf=23RcEgnWtFDSV677vpuUwWLtPy0yRmpuAz9I2nwq

[Server-side-data]
tPKnwMD5*2jcjzTh*6A6pxIAXmvg0ywgNPgazUW!f66ytABj!b GFsrQmyvSTfMNx*aNTPS2w0BrJ3AaZ1PhsPgOKJe*8j!zPb!RD znq0GFPAU9VzUpkD2Qe*tBZXadOWOB!mpUlxijqb0ojuamN2Vz kF5PM9XNv!PHFvo$; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSNPPAuth=B!753JlwaqQaroJv0XS2tjBgOnZl8O6X3gwGRcd! 5zSenrrfvjCn1DPLuRbO*xNihs!eGKZpjIo1mb364hZUsYKEcr !7vfaAOOFBgcLIyC7GLoF2qT7VY*nN4RbO7ASJAeLn0Jt4Am5q znkY2nrUfimSQzHfnbB60ArsifTiB*DDj7wDJEXsuyGJG9ttcA uVY6LTE4kB29qqg4t*3My0L8sCqBCh9oemhXusFU7879aLwIgp GJgQkQRhyGM0Dz6IoOUNsaqKK5il5ySO4LwOHAilNgfr9M9rK! msDNlXLbUk1tiBsoaZJEFG0nJaNvlh6NKTrtWhHXzztIQ9hHlz o9mTjWxFXIz9Npr*Sf4zBm9*TIscp!sgcWwmRr7GzDszxu3UYX FwYaELQV7ytC3Wuiq4zgT6Poil0nUFwWi8DcckYz9hHgQzde99 1IQOheZQgAGUk5roYo!ZT*2HSaDQFkrdOWO8LSEFEEH!uNkkny P79fxwjsrbrz7GW2Vw; domain=.live.com;path=/;version=1
Set-Cookie: MH=MSFT; expires=Wed, 30-Dec-2037 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHW=; expires=Thu, 30-Oct-1980 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHList=; expires=Thu, 30-Oct-1980 16:00:00 GMT

[Server-side-data]
;domain=.live.com;path=/;version=1
Set-Cookie: ANON=A=8FD80FD77660633E48674AFAFFFFFFFF&E=64f&W=45;domain=.live.com;path=/;Expires=Mon, 23-Jun-2008 13:19:44 GMT
Set-Cookie: NAP=V=1.6&E=5f5&C=yUvDLJRwI3ukJppOX42cxmx2be3thzl02ZtOaeLDtkHRT_iv zKclhw&W=46;domain=.live.com;path=/;Expires=Sat, 15-Mar-2008 13:19:44 GMT
Set-Cookie: RPSTAuthTime=1196921984; domain=login.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPVis=2$9;domain=login.live.com;path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked



[Server-side-data]
a
‹ 


[Server-side-data]
1e5
D’_o¢LGïßäýB6¦5Yñ_‹´âAE+Vñg dfpDÜô»¯Æ¤{ûËIžä9çÿÿz‘ I¿¡ ö{à8Q¦H—º%ÎÁc•ûaN?ÀŒV8|zþS`
YQOîc?£4 z’#!Ò7E)Š¢1AœÔIFë€ðÏ=¦J¶g—_B� �ÎN“Œ?²6Dèd+¡á[Ð>LííðuuÑøiîåv¶¸Z
§ëNUú†2‡³‘‹1yaÞ4Ÿ–®™gêòHËÁnxÚ/»(£öxÞ&nâ N«\Ãl¸is›Ó‘uS18œFM܉·ÕT×"&Éf[Œ²È‹Ã:–fÎ’ï®Z:¢e‘?—3?)Û@˜� �¹§Â°Öj'ÜÙAd_ÇÞïÏÔ”>ýÍ,>??Ï‹+b3¦ ˜L$ëuƒŠ…V’îZ’«`R›\à€£`??!W%7 ø:Có}k<Ú¤®QëL~î°ól

³š@y'rµ0ÔRß[(™Róåv¶³´lÕr¶ç¹wžñøÕîþ¨&@o6ÚÍ*†z«Êy®?Ýf«Y€ùùýëÛ¤K
8Þl ~õ”‡æ~Oy´°g°¬0š° êò¿Þîòßåvîô½Ÿ¿ ~_¾H
0





Wie entschlüsselt man nun das Passwort :( falls dies überhaupt möglich ist

Ich hab zwar nicht wirklich Ahnung davon aber ich glaub du hast den md5 von "blaaaa@hotmail.com" gesnifft :D
Ist ja auch schonmal ganz nützlich ;)
Ich glaube du hast nur sowas wie passwörter oder so, weil du nur die https verbindungen gesnifft hast.
Also snifft er nur die extra gesicherten Verbindungen.

soweit ich weis kann man die pws von msn! nit sniffen!

aber ftp is ganz easy! have fun :wink: