Hoffe das sich hier Leute melden die auch Ahnung davon haben.
Ich habe in nem WLAN bisschen gesniffed
habe auch ne menge aufgefangen...
nur versteh ich nicht wirklich wie ich da nen Passwort auslesen soll als beispiel nen MSN Passwort .
APR läuft bekomme nen paar Zertifikate und APR-HTTPS Dateien hiermal nen auszug.....
Code:
===========================================
=== Cain's HTTPS sniffer generated file ===
===========================================
[Client-side-data]
POST /ppsecure/sha1auth.srf?lc=1031 HTTP/1.1
Accept: */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; winfx)
Host: login.live.com
Content-Length: 1321
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: MSPPre=blaaaa@hotmail.com; MSPCID=7feb1d04d2f578f9; ANON=A=2E1DC31F8E7452AC9AC849D7FFFFFFFF&E=64e&W=44; NAP=V=1.6&E=5f4&C=UAS8Nbi0DeKz1lX2PyrJpo8lbyQ-zvkdlR4dvW5wzhpyucmIGNo1pg&W=45; MUID=F5EAA63DADAB469E83C29BF28CB0715A; MH=MSFT; s_lastvisit=1196773717203
[Client-side-data]
token=ct%3D1196921979%26bver%3D4%26id%3D3%26rru%3D%252Fcgi-bin%252FHoTMaiL%26svc%3Dmail%26js%3Dyes%26pl%3D%253Fid%253D3%26da%3D%253CEncryptedData%2520xmlns%253D%2522http://www.w3.org/2001/04/xmlenc%2523%2522%2520Id%253D%2522BinaryDAToken0%2522%2520Type%253D%2522http://www.w3.org/2001/04/xmlenc%2523Element%2522%253E%253CEncryptionMethod%2520Algorithm%253D%2522http://www.w3.org/2001/04/xmlenc%2523tripledes-cbc%2522%253E%253C/EncryptionMethod%253E%253Cds:KeyInfo%2520xmlns:ds%253D%2522http://www.w3.org/2000/09/xmldsig%2523%2522%253E%253Cds:KeyName%253Ehttp://Passport.NET/STS%253C/ds:KeyName%253E%253C/ds:KeyInfo%253E%253CCipherData%253E%253CCipherValue%253EARB5ZuDSiOAyY/o0AXgjKa31459RUnQnk70tgfymhuedKEfm6TSJ4yzSawpb2u7jmmT3MPaR9KGD9%252Bf9is%252BLtPucFiVECUrjkNxNj8iJbFhe/hpvLq0TsIxKgNdcUpDamv4/rVjYfB0P%252B5Rpg1PWPIjvQ41DNKAskewxsT/BOzLsMUR2euYHt2Qguu/1wsYTN8Nr6FdqJLGfWkp09PdlVP/bQDpi8FGFHTmDWUetbKfY7HLfHiw2r9eGkgFCDYJWGi3nAR9%252B3Arm%252B0x9da/0VLEKehHRQYuhEy8ZkaewxEjrxJu8JQbc/20yBUB4X2O/mI69SQJ%252BkIdwiCw8YGmB
[Client-side-data]
Pg8CvDTpjBKpnWOtR1ZR8nlhRexHA%252BLcbwO5%252BhODzWt/7wkghN9v4VT3OObrskqEEcz9Dvy/4BT/u4DMtIW8M3F3iX3GJxRg0NHKdMcUlwnxonB24emQnWFmv/IXyQ%253D%253D%253C/CipherValue%253E%253C/CipherData%253E%253C/EncryptedData%253E%26nonce%3D84SK1umkYptnF1264daQ0bBpmf2zR7SQ%26hash%3DV9qwiIBYm/2BXyx6x6m4rxBXmWY%253D
[Server-side-data]
HTTP/1.1 100 Continue
[Server-side-data]
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 06 Dec 2007 06:19:44 GMT
Pragma: no-cache
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 06 Dec 2007 06:18:44 GMT
Server: Microsoft-IIS/6.0
PPServer: PPV: 30 H: BAYPPLOGN3A26 V: 0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: PPAuth=AbP*DWrpWh1okc8DaJqlswM4z2aSKQW7kudPxn0f9WVFjXObCqBH4Khgs0RCfHdttjyQuzo131LXMbCZmUF8EiXQzWpMgOhjcLPD33KopleuuTt6jtVHNGCtsLF6W5MZU7l6mfDPOMbUOJVdjXX0et5*1ME7gmLIzpOZsSNEKrLtLBOvh1n6NDqn972OZqflBDr*m54iRF!EQljsWg$$; domain=login.live.com;secure= ;path=/;HTTPOnly= ;version=1
Set-Cookie: PPLState=1; domain=.live.com;path=/;version=1
Set-Cookie: MSPPre=blabla@hotmail.de;domain=login.live.com;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: MSPShared= ; HTTPOnly= ; domain=login.live.com;path=/;Expires=Thu, 30-Oct-1980 16:00:00 GMT
Set-Cookie: MSPCID=c0722085794dbdc5; HTTPOnly= ; domain=login.live.com
[Server-side-data]
;path=/;Expires=Wed, 30-Dec-2037 16:00:00 GMT
Set-Cookie: RPSTAuth=EwDQARAnAAAURATre1Nkcu71L953y0QRAvwyKdOAACIg9GUXXIfZwXE3jSeDQD%2bCervA7tIgdujb0nLdghaVKzWx%2b5SKWdBerOYJYc%2beFQUx6FQY0zeNA%2bFSNVwobKZKTkDmOM2vHReZLz%2bCk5L8Wr9Tqu%2bsCUAdcHLEdc%2bDN8nZe5N5eKrj/mTKagM15ORGS0ahHlhG0VpSHnEiM2VxA2YAAAjaiT5OSZGLkCABPWo33a3PaipvQLb3kbpmwUVOM7fm%2bF/mvhm/1DSHqZ1c25xs9YXA7j5T1IRq1nWcBMd07Kufqb8z1eY0vXDGPKro5txIM%2bgxTuwVX7aJENz2FLL3RsOIye5otj1iZOSTac4ehzJwldmbaSOFekBuM01w7/3PMVIF64l%2bES2H9zbSgfQDl5d%2bEY3lVAkKA9BpJTZ0cD0nnR6yHJFhpMyGA%2bXWvhXUwbBGFr719UFB3fEFGsefPu%2bH1YnmpAjhpGd9jACZySINhhJf8toznZ1vsDQQMDuHyJLHOShms0KelXBSueDYlb8Yv06hdvISdEh9Y94vHiYrCIrbOoE6cNuorNaK%2b1UMOx78gn7mKyqQnzDaYX72oJpPALB/Kt5seAiJNgE%3d; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPAuth=2u1ajHu9SEyU7r6icozMSgAr*qGXuyFBYDkEjoqDGMmZW4zG4TrSByHNBy97EmoWJmtxOIeIrLe9!QJWEt3iAGyG9VjsGvEHT*S2pABXsEDAKDFePhOqlgKWl5BaQhprF!; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPProf=23RcEgnWtFDSV677vpuUwWLtPy0yRmpuAz9I2nwq
[Server-side-data]
tPKnwMD5*2jcjzTh*6A6pxIAXmvg0ywgNPgazUW!f66ytABj!bGFsrQmyvSTfMNx*aNTPS2w0BrJ3AaZ1PhsPgOKJe*8j!zPb!RDznq0GFPAU9VzUpkD2Qe*tBZXadOWOB!mpUlxijqb0ojuamN2VzkF5PM9XNv!PHFvo$; domain=.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSNPPAuth=B!753JlwaqQaroJv0XS2tjBgOnZl8O6X3gwGRcd!5zSenrrfvjCn1DPLuRbO*xNihs!eGKZpjIo1mb364hZUsYKEcr!7vfaAOOFBgcLIyC7GLoF2qT7VY*nN4RbO7ASJAeLn0Jt4Am5qznkY2nrUfimSQzHfnbB60ArsifTiB*DDj7wDJEXsuyGJG9ttcAuVY6LTE4kB29qqg4t*3My0L8sCqBCh9oemhXusFU7879aLwIgpGJgQkQRhyGM0Dz6IoOUNsaqKK5il5ySO4LwOHAilNgfr9M9rK!msDNlXLbUk1tiBsoaZJEFG0nJaNvlh6NKTrtWhHXzztIQ9hHlzo9mTjWxFXIz9Npr*Sf4zBm9*TIscp!sgcWwmRr7GzDszxu3UYXFwYaELQV7ytC3Wuiq4zgT6Poil0nUFwWi8DcckYz9hHgQzde991IQOheZQgAGUk5roYo!ZT*2HSaDQFkrdOWO8LSEFEEH!uNkknyP79fxwjsrbrz7GW2Vw; domain=.live.com;path=/;version=1
Set-Cookie: MH=MSFT; expires=Wed, 30-Dec-2037 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHW=; expires=Thu, 30-Oct-1980 16:00:00 GMT;domain=.live.com;path=/;version=1
Set-Cookie: MHList=; expires=Thu, 30-Oct-1980 16:00:00 GMT
[Server-side-data]
;domain=.live.com;path=/;version=1
Set-Cookie: ANON=A=8FD80FD77660633E48674AFAFFFFFFFF&E=64f&W=45;domain=.live.com;path=/;Expires=Mon, 23-Jun-2008 13:19:44 GMT
Set-Cookie: NAP=V=1.6&E=5f5&C=yUvDLJRwI3ukJppOX42cxmx2be3thzl02ZtOaeLDtkHRT_ivzKclhw&W=46;domain=.live.com;path=/;Expires=Sat, 15-Mar-2008 13:19:44 GMT
Set-Cookie: RPSTAuthTime=1196921984; domain=login.live.com;path=/;HTTPOnly= ;version=1
Set-Cookie: MSPVis=2$9;domain=login.live.com;path=/
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
[Server-side-data]
a
‹
[Server-side-data]
1e5
D’_o¢LGïßäýB6¦5Yñ_‹´âAE+VñgdfpDÜô»¯Æ¤{ûËIžä9çÿÿz‘ I¿¡ ö{à8Q¦H—º%ÎÁc•ûaN?ÀŒV8|zþS`
YQOîc?£4 z’#!Ò7E)Š¢1AœÔIFë€ðÏ=¦J¶g—_B×ÎN“Œ?²6Dèd+¡á[Ð>LííðuuÑøiîåv¶¸Z
§ëNUú†2‡³‘‹1yaÞ4Ÿ–®™gêòHËÁnxÚ/»(£öxÞ&nâ N«\Ãl¸is›Ó‘uS18œFM܉·ÕT×"&Éf[Œ²È‹Ã:–fÎ’ï®Z:¢e‘?—3?)Û@˜Ç¹§Â°Öj'ÜÙAd_ÇÞïÏÔ”>ýÍ,>??Ï‹+b3¦ ˜L$ëuƒŠ…V’îZ’«`R›\à€£`??!W%7ø:Có}k<Ú¤®QëL~î°ól
³š@y'rµ0ÔRß[(™Róåv¶³´lÕr¶ç¹wžñøÕîþ¨&@o6ÚÍ*†z«Êy®?Ýf«Y€ùùýëÛ¤K8Þl~õ”‡æ~Oy´°g°¬0š° êò¿Þîòßåvîô½Ÿ¿ ~_¾H
0
Wie entschlüsselt man nun das Passwort falls dies überhaupt möglich ist