Re: Private IP address with yahoo messenger

["Vivek P" <iamherevivek () gmail com>]

hi

okie.. i think it is my mistake of incomplete understanding of the mail..

This is the way i tested it, & my answer is still yes [ you can get
the private IP]

1. You can test it using yahoo booters and an authentic yahoo id both
running from your machine, sniff the packets & create an analysis
based on that. it eill reveal the levels of security embedded by yahoo
to hide the packet information from source to target.

2.Through packet malformation you can get information of the target IP
address.Though this method is not a simple one to execute.

3. As you had specified.. by just forensic analysis, i am not sure of
a direct method, i will get back to you after reffering my database on
this side. I will also revert on the tools to you in some time from
now.

Thank you for your interest on research

--
Vivek P Nair
Vice President, Technology
Appin Knowledge Solutions
Appin Security Group
www.vivekpnair.co.nr
iamherevivek () gmail com
vivek.p.nair () appingroup com
d3@d Br@iN
"i thought i would change the world, But they wouldnt gimme the source Code !!"


On 5/24/07, Alcides <alcides.hercules () gmail com> wrote:
> Hi Vivek,
> Thanks for your attention.
> Sorry, but I think it's not something I was expecting for.
>
> In my question, by saying "chat session" - I mean just a "chat session".
> No file transfer/ video/ voice chat. Simply typing the text in chat window.
>
> [I]a <-------->Yahoo server(s) <-------> b[target]
>
> A thing that comes in my mind is something that may allow me to do
> thorough forensic analysis of the packets coming from target. But I'm
> not very sure on what tool/s to be used and about the technique.
>
> Hope I've made my question clear.
> Warm regards.
>
> Vivek P wrote:
> > Hi
> >
> > I had been testing on this for quiet some time now. In versions of
> > yahoo messenger before 6, when i transfer a file >2 mb and try netstat
> > -a -n from CMD on windows machine, i was able to get the IP address
> > (internal) of the person at the other end !!
> >
> > Yahoo did some patches in the latest editions but, i have been
> > informed by my testing team that burp proxy can get the target IP
> > (internal) if you have it installed, when using latest edition to do
> > file transfer,
> >
> > Also when you do calls using messenger point to point connection is made.
> >
> > it is like
> >
> > normal chat
> > a <-------->Yahoo server(s) <-------> b
> >
> > Lengthy processes (filetransfer) (calls) etc.
> > a<------->Yahoo authenticates at interval<----->b
> > a<------->b //Direct connection.
> >
> >
> > I think it would help, please revert so that i can get you some video
> > demonstations to prove my experiment.
> >
> >
> > Thanx