cain&abel netzwerk sniffen https auswerten
Hoffe das sich hier Leute melden die auch Ahnung davon haben.
Ich habe in nem WLAN bisschen gesniffed :P
habe auch ne menge aufgefangen...
nur versteh ich nicht wirklich wie ich da nen Passwort auslesen soll als beispiel nen MSN Passwort .
APR läuft bekomme nen paar Zertifikate und APR-HTTPS Dateien hiermal nen auszug.....
Code:
===========================================
=== Cain's HTTPS sniffer generated file ===
===========================================
[Client-side-data]
POST /ppsecure/sha1auth.srf?lc=1031 HTTP/1.1
Accept: */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; winfx)
Host: login.live.com
Content-Length: 1321
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MSPPre=blaaaa@hotmail.com; MSPCID=7feb1d04d2f578f9; ANON=A=2E1DC31F8E7452AC9AC849D7FFFFFFFF&E=64e&W=44; NAP=V=1.6&E=5f4&C=UAS8Nbi0DeKz1lX2PyrJpo8lbyQ-zvkdlR4dvW5wzhpyucmIGNo1pg&W=45; MUID=F5EAA63DADAB469E83C29BF28CB0715A; MH=MSFT; s_lastvisit=1196773717203
[Client-side-data]
token=ct%3D1196921979%26bver%3D4%26id%3D3%26rru%3D%252Fcgi-bin%252FHoTMaiL%26svc%3Dmail%26js%3Dyes%26pl%3D%253Fid%253D3%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522BinaryDAToken0%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EARB5ZuDSiOAyY/o0AXgjKa31459RUnQnk70tgfymhuedKEfm6TSJ4yzSawpb2u7jmmT3MPaR9KGD9%252Bf9is%252BLtPucFiVECUrjkNxNj8iJbFhe/hpvLq0TsIxKgNdcUpDamv4/rVjYfB0P%252B5Rpg1PWPIjvQ41DNKAskewxsT/BOzLsMUR2euYHt2Qguu/1wsYTN8Nr6FdqJLGfWkp09PdlVP/bQDpi8FGFHTmDWUetbKfY7HLfHiw2r9eGkgFCDYJWGi3nAR9%252B3Arm%252B0x9da/0VLEKehHRQYuhEy8ZkaewxEjrxJu8JQbc/20yBUB4X2O/mI69SQJ%252BkIdwiCw8YGmB
[Client-side-data]
Pg8CvDTpjBKpnWOtR1ZR8nlhRexHA%252BLcbwO5%252BhODzWt/7wkghN9v4VT3OObrskqEEcz9Dvy/4BT/u4DMtIW8M3F3iX3GJxRg0NHKdMcUlwnxonB24emQnWFmv/IXyQ%253D%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3D84SK1umkYptnF1264daQ0bBpmf2zR7SQ%26hash%3DV9qwiIBYm/2BXyx6x6m4rxBXmWY%253D
[Server-side-data]
HTTP/1.1 100 Continue
[Server-side-data]
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 06 Dec 2007 06:19:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 06 Dec 2007 06:18:44 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYPPLOGN3A26 V: 0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: PPAuth=AbP*DWrpWh1okc8DaJqlswM4z2aSKQW7kudPxn0f9WVFjXObCqBH4Khgs0RCfHdttjyQuzo131LXMbCZmUF8EiXQzWpMgOhjcLPD33KopleuuTt6jtVHNGCtsLF6W5MZU7l6mfDPOMbUOJVdjXX0et5*1ME7gmLIzpOZsSNEKrLtLBOvh1n6NDqn972OZqflBDr*m54iRF!EQljsWg$$; domain=login.live.com;secure= ;path=/;HTTPOnly= ;version=1
Set-Cookie: PPLState=1; domain=.live.com;path=/;version=1
Set-Cookie: MSPPre=blabla@hotmail.de;domain=login.live.com;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: MSPShared= ; HTTPOnly= ; domain=login.live.com;path=/;Expires=Thu, 30-Oct-1980 16:00:00 GMT
Set-Cookie: MSPCID=c0722085794dbdc5; HTTPOnly= ; domain=login.live.com
[Server-side-data]
;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: RPSTAuth=EwDQARAnAAAURATre1Nkcu71L953y0QRAvwyKdOAACIg9GUXXIfZwXE3jSeDQD%2bCervA7tIgdujb0nLdghaVKzWx%2b5SKWdBerOYJYc%2beFQUx6FQY0zeNA%2bFSNVwobKZKTkDmOM2vHReZLz%2bCk5L8Wr9Tqu%2bsCUAdcHLEdc%2bDN8nZe5N5eKrj/mTKagM15ORGS0ahHlhG0VpSHnEiM2VxA2YAAAjaiT5OSZGLkCABPWo33a3PaipvQLb3kbpmwUVOM7fm%2bF/mvhm/1DSHqZ1c25xs9YXA7j5T1IRq1nWcBMd07Kufqb8z1eY0vXDGPKro5txIM%2bgxTuwVX7aJENz2FLL3RsOIye5otj1iZOSTac4ehzJwldmbaSOFekBuM01w7/3PMVIF64l%2bES2H9zbSgfQDl5d%2bEY3lVAkKA9BpJTZ0cD0nnR6yHJFhpMyGA%2bXWvhXUwbBGFr719UFB3fEFGsefPu%2bH1YnmpAjhpGd9jACZySINhhJf8toznZ1vsDQQMDuHyJLHOShms0KelXBSueDYlb8Yv06hdvISdEh9Y94vHiYrCIrbOoE6cNuorNaK%2b1UMOx78gn7mKyqQnzDaYX72oJpPALB/Kt5seAiJNgE%3d; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPAuth=2u1ajHu9SEyU7r6icozMSgAr*qGXuyFBYDkEjoqDGMmZW4zG4TrSByHNBy97EmoWJmtxOIeIrLe9!QJWEt3iAGyG9VjsGvEHT*S2pABXsEDAKDFePhOqlgKWl5BaQhprF!; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPProf=23RcEgnWtFDSV677vpuUwWLtPy0yRmpuAz9I2nwq
[Server-side-data]
tPKnwMD5*2jcjzTh*6A6pxIAXmvg0ywgNPgazUW!f66ytABj!bGFsrQmyvSTfMNx*aNTPS2w0BrJ3AaZ1PhsPgOKJe*8j!zPb!RDznq0GFPAU9VzUpkD2Qe*tBZXadOWOB!mpUlxijqb0ojuamN2VzkF5PM9XNv!PHFvo$; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSNPPAuth=B!753JlwaqQaroJv0XS2tjBgOnZl8O6X3gwGRcd!5zSenrrfvjCn1DPLuRbO*xNihs!eGKZpjIo1mb364hZUsYKEcr!7vfaAOOFBgcLIyC7GLoF2qT7VY*nN4RbO7ASJAeLn0Jt4Am5qznkY2nrUfimSQzHfnbB60ArsifTiB*DDj7wDJEXsuyGJG9ttcAuVY6LTE4kB29qqg4t*3My0L8sCqBCh9oemhXusFU7879aLwIgpGJgQkQRhyGM0Dz6IoOUNsaqKK5il5ySO4LwOHAilNgfr9M9rK!msDNlXLbUk1tiBsoaZJEFG0nJaNvlh6NKTrtWhHXzztIQ9hHlzo9mTjWxFXIz9Npr*Sf4zBm9*TIscp!sgcWwmRr7GzDszxu3UYXFwYaELQV7ytC3Wuiq4zgT6Poil0nUFwWi8DcckYz9hHgQzde991IQOheZQgAGUk5roYo!ZT*2HSaDQFkrdOWO8LSEFEEH!uNkknyP79fxwjsrbrz7GW2Vw; domain=.live.com;path=/;version=1
Set-Cookie: MH=MSFT; expires=Wed, 30-Dec-2037 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHW=; expires=Thu, 30-Oct-1980 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHList=; expires=Thu, 30-Oct-1980 16:00:00 GMT
[Server-side-data]
;domain=.live.com;path=/;version=1
Set-Cookie: ANON=A=8FD80FD77660633E48674AFAFFFFFFFF&E=64f&W=45;domain=.live.com;path=/;Expires=Mon, 23-Jun-2008 13:19:44 GMT
Set-Cookie: NAP=V=1.6&E=5f5&C=yUvDLJRwI3ukJppOX42cxmx2be3thzl02ZtOaeLDtkHRT_ivzKclhw&W=46;domain=.live.com;path=/;Expires=Sat, 15-Mar-2008 13:19:44 GMT
Set-Cookie: RPSTAuthTime=1196921984; domain=login.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPVis=2$9;domain=login.live.com;path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
[Server-side-data]
a
‹
[Server-side-data]
1e5
D’_o¢LGïßäýB6¦5Yñ_‹´âAE+VñgdfpDÜô»¯Æ¤{ûËIžä9çÿÿz‘ I¿¡ ö{à8Q¦H—º%ÎÁc•ûaN?ÀŒV8|zþS`
YQOîc?£4 z’#!Ò7E)Š¢1AœÔIFë€ðÏ=¦J¶g—_B×ÎN“Œ?²6Dèd+¡á[Ð>LííðuuÑøiîåv¶¸Z
§ëNUú†2‡³‘‹1yaÞ4Ÿ–®™gêòHËÁnxÚ/»(£öxÞ&nâ N«\Ãl¸is›Ó‘uS18œFM܉·ÕT×"&Éf[Œ²È‹Ã:–fÎ’ï®Z:¢e‘?—3?)Û@˜Ç¹§Â°Öj'ÜÙAd_ÇÞïÏÔ”>ýÍ,>??Ï‹+b3¦ ˜L$ëuƒŠ…V’îZ’«`R›\à€£`??!W%7ø:Có}k<Ú¤®QëL~î°ól
³š@y'rµ0ÔRß[(™Róåv¶³´lÕr¶ç¹wžñøÕîþ¨&@o6ÚÍ*†z«Êy®?Ýf«Y€ùùýëÛ¤K8Þl~õ”‡æ~Oy´°g°¬0š° êò¿Þîòßåvîô½Ÿ¿ ~_¾H
0
Wie entschlüsselt man nun das Passwort :( falls dies überhaupt möglich ist