cain&abel netzwerk sniffen https auswerten

[GrafZeppelin]

Hoffe das sich hier Leute melden die auch Ahnung davon haben.

Ich habe in nem WLAN bisschen gesniffed

habe auch ne menge aufgefangen...

nur versteh ich nicht wirklich wie ich da nen Passwort auslesen soll als beispiel nen MSN Passwort .

APR läuft bekomme nen paar Zertifikate und APR-HTTPS Dateien hiermal nen auszug.....

Code:

===========================================
=== Cain's HTTPS sniffer generated file ===
===========================================

[Client-side-data]
POST /ppsecure/sha1auth.srf?lc=1031 HTTP/1.1
Accept: */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; winfx)
Host: login.live.com
Content-Length: 1321
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MSPPre=blaaaa@hotmail.com; MSPCID=7feb1d04d2f578f9; ANON=A=2E1DC31F8E7452AC9AC849D7FFFFFFFF&E=64e&W=44; NAP=V=1.6&E=5f4&C=UAS8Nbi0DeKz1lX2PyrJpo8lbyQ-zvkdlR4dvW5wzhpyucmIGNo1pg&W=45; MUID=F5EAA63DADAB469E83C29BF28CB0715A; MH=MSFT; s_lastvisit=1196773717203



[Client-side-data]
token=ct%3D1196921979%26bver%3D4%26id%3D3%26rru%3D%252Fcgi-bin%252FHoTMaiL%26svc%3Dmail%26js%3Dyes%26pl%3D%253Fid%253D3%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522BinaryDAToken0%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EARB5ZuDSiOAyY/o0AXgjKa31459RUnQnk70tgfymhuedKEfm6TSJ4yzSawpb2u7jmmT3MPaR9KGD9%252Bf9is%252BLtPucFiVECUrjkNxNj8iJbFhe/hpvLq0TsIxKgNdcUpDamv4/rVjYfB0P%252B5Rpg1PWPIjvQ41DNKAskewxsT/BOzLsMUR2euYHt2Qguu/1wsYTN8Nr6FdqJLGfWkp09PdlVP/bQDpi8FGFHTmDWUetbKfY7HLfHiw2r9eGkgFCDYJWGi3nAR9%252B3Arm%252B0x9da/0VLEKehHRQYuhEy8ZkaewxEjrxJu8JQbc/20yBUB4X2O/mI69SQJ%252BkIdwiCw8YGmB

[Client-side-data]
Pg8CvDTpjBKpnWOtR1ZR8nlhRexHA%252BLcbwO5%252BhODzWt/7wkghN9v4VT3OObrskqEEcz9Dvy/4BT/u4DMtIW8M3F3iX3GJxRg0NHKdMcUlwnxonB24emQnWFmv/IXyQ%253D%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3D84SK1umkYptnF1264daQ0bBpmf2zR7SQ%26hash%3DV9qwiIBYm/2BXyx6x6m4rxBXmWY%253D 

[Server-side-data]
HTTP/1.1 100 Continue



[Server-side-data]
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 06 Dec 2007 06:19:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 06 Dec 2007 06:18:44 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYPPLOGN3A26 V: 0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: PPAuth=AbP*DWrpWh1okc8DaJqlswM4z2aSKQW7kudPxn0f9WVFjXObCqBH4Khgs0RCfHdttjyQuzo131LXMbCZmUF8EiXQzWpMgOhjcLPD33KopleuuTt6jtVHNGCtsLF6W5MZU7l6mfDPOMbUOJVdjXX0et5*1ME7gmLIzpOZsSNEKrLtLBOvh1n6NDqn972OZqflBDr*m54iRF!EQljsWg$$; domain=login.live.com;secure= ;path=/;HTTPOnly= ;version=1
Set-Cookie: PPLState=1; domain=.live.com;path=/;version=1
Set-Cookie: MSPPre=blabla@hotmail.de;domain=login.live.com;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: MSPShared= ; HTTPOnly= ; domain=login.live.com;path=/;Expires=Thu, 30-Oct-1980 16:00:00 GMT
Set-Cookie: MSPCID=c0722085794dbdc5; HTTPOnly= ; domain=login.live.com

[Server-side-data]
;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: RPSTAuth=EwDQARAnAAAURATre1Nkcu71L953y0QRAvwyKdOAACIg9GUXXIfZwXE3jSeDQD%2bCervA7tIgdujb0nLdghaVKzWx%2b5SKWdBerOYJYc%2beFQUx6FQY0zeNA%2bFSNVwobKZKTkDmOM2vHReZLz%2bCk5L8Wr9Tqu%2bsCUAdcHLEdc%2bDN8nZe5N5eKrj/mTKagM15ORGS0ahHlhG0VpSHnEiM2VxA2YAAAjaiT5OSZGLkCABPWo33a3PaipvQLb3kbpmwUVOM7fm%2bF/mvhm/1DSHqZ1c25xs9YXA7j5T1IRq1nWcBMd07Kufqb8z1eY0vXDGPKro5txIM%2bgxTuwVX7aJENz2FLL3RsOIye5otj1iZOSTac4ehzJwldmbaSOFekBuM01w7/3PMVIF64l%2bES2H9zbSgfQDl5d%2bEY3lVAkKA9BpJTZ0cD0nnR6yHJFhpMyGA%2bXWvhXUwbBGFr719UFB3fEFGsefPu%2bH1YnmpAjhpGd9jACZySINhhJf8toznZ1vsDQQMDuHyJLHOShms0KelXBSueDYlb8Yv06hdvISdEh9Y94vHiYrCIrbOoE6cNuorNaK%2b1UMOx78gn7mKyqQnzDaYX72oJpPALB/Kt5seAiJNgE%3d; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPAuth=2u1ajHu9SEyU7r6icozMSgAr*qGXuyFBYDkEjoqDGMmZW4zG4TrSByHNBy97EmoWJmtxOIeIrLe9!QJWEt3iAGyG9VjsGvEHT*S2pABXsEDAKDFePhOqlgKWl5BaQhprF!; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPProf=23RcEgnWtFDSV677vpuUwWLtPy0yRmpuAz9I2nwq

[Server-side-data]
tPKnwMD5*2jcjzTh*6A6pxIAXmvg0ywgNPgazUW!f66ytABj!bGFsrQmyvSTfMNx*aNTPS2w0BrJ3AaZ1PhsPgOKJe*8j!zPb!RDznq0GFPAU9VzUpkD2Qe*tBZXadOWOB!mpUlxijqb0ojuamN2VzkF5PM9XNv!PHFvo$; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSNPPAuth=B!753JlwaqQaroJv0XS2tjBgOnZl8O6X3gwGRcd!5zSenrrfvjCn1DPLuRbO*xNihs!eGKZpjIo1mb364hZUsYKEcr!7vfaAOOFBgcLIyC7GLoF2qT7VY*nN4RbO7ASJAeLn0Jt4Am5qznkY2nrUfimSQzHfnbB60ArsifTiB*DDj7wDJEXsuyGJG9ttcAuVY6LTE4kB29qqg4t*3My0L8sCqBCh9oemhXusFU7879aLwIgpGJgQkQRhyGM0Dz6IoOUNsaqKK5il5ySO4LwOHAilNgfr9M9rK!msDNlXLbUk1tiBsoaZJEFG0nJaNvlh6NKTrtWhHXzztIQ9hHlzo9mTjWxFXIz9Npr*Sf4zBm9*TIscp!sgcWwmRr7GzDszxu3UYXFwYaELQV7ytC3Wuiq4zgT6Poil0nUFwWi8DcckYz9hHgQzde991IQOheZQgAGUk5roYo!ZT*2HSaDQFkrdOWO8LSEFEEH!uNkknyP79fxwjsrbrz7GW2Vw; domain=.live.com;path=/;version=1
Set-Cookie: MH=MSFT; expires=Wed, 30-Dec-2037 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHW=; expires=Thu, 30-Oct-1980 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHList=; expires=Thu, 30-Oct-1980 16:00:00 GMT

[Server-side-data]
;domain=.live.com;path=/;version=1
Set-Cookie: ANON=A=8FD80FD77660633E48674AFAFFFFFFFF&E=64f&W=45;domain=.live.com;path=/;Expires=Mon, 23-Jun-2008 13:19:44 GMT
Set-Cookie: NAP=V=1.6&E=5f5&C=yUvDLJRwI3ukJppOX42cxmx2be3thzl02ZtOaeLDtkHRT_ivzKclhw&W=46;domain=.live.com;path=/;Expires=Sat, 15-Mar-2008 13:19:44 GMT
Set-Cookie: RPSTAuthTime=1196921984; domain=login.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPVis=2$9;domain=login.live.com;path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked



[Server-side-data]
a
‹      


[Server-side-data]
1e5
D’_o¢LGïßäýB6¦5Yñ_‹´âAE+VñgdfpDÜô»¯Æ¤{ûËIžä9çÿÿz‘ I¿¡ ö{à8Q¦H—º%ÎÁc•ûaN?ÀŒV8|zþS`
YQOîc?£4	 z’#!Ò7E)Š¢1AœÔIFë€ðÏ=¦J¶g—_B×ÎN“Œ?²6Dèd+¡á[Ð>LííðuuÑøiîåv¶¸Z
§ëNUú†2‡³‘‹1yaÞ4Ÿ–®™gêòHËÁnxÚ/»(£öxÞ&nâ N«\Ãl¸is›Ó‘uS18œFM܉·ÕT×"&Éf[Œ²È‹Ã:–fÎ’ï®Z:¢e‘?—3?)Û@˜Ç¹§Â°Öj'ÜÙAd_ÇÞïÏÔ”>ýÍ,>??Ï‹+b3¦	˜L$ëuƒŠ…V’îZ’«`R›\à€£`??!W%7ø:Có}k<Ú¤®QëL~î°ól

³š@y'rµ0ÔRß[(™Róåv¶³´lÕr¶ç¹wžñøÕîþ¨&@o6ÚÍ*†z«Êy®?Ýf«Y€ùùýëÛ¤K
8Þl~õ”‡æ~Oy´°g°¬0š° êò¿Þîòßåvîô½Ÿ¿ ~_¾H  
0

Wie entschlüsselt man nun das Passwort falls dies überhaupt möglich ist

[Zimmerpflanze]

Ich hab zwar nicht wirklich Ahnung davon aber ich glaub du hast den md5 von "blaaaa@hotmail.com" gesnifft
Ist ja auch schonmal ganz nützlich
Ich glaube du hast nur sowas wie passwörter oder so, weil du nur die https verbindungen gesnifft hast.
Also snifft er nur die extra gesicherten Verbindungen.

[snipa]

soweit ich weis kann man die pws von msn! nit sniffen!

aber ftp is ganz easy! have fun :wink: