WebApp Sec mailing list archives
Re: Hacking webconferencing ?
From: "ROB DIXON" <RDIXON () workforcewv org>
Date: Thu, 18 May 2006 15:20:42 -0400
sort of MITM attack
Arp poisoning? Cain and Able
with/out encrypting the flow
Without "de" crypting? I did this once, Arp poisoned with Cain and Able(free) and I had Give Me Too(free) running(captures IM, pop3, http, ftp, and other info) I was simply using this combo to sniff traffic. Interesting enough, Give Me Too was capturing pieces of a webconference from one pc. I got some side bar chat and some of the rendered pages. Sorry, I dont remember which Web Conferencing application it was though. But that combination will capture some of the session. Maybe enough to prove a point. Even though the program will say that this folder contains AIM data and this one has MSN data, etc,etc, Look in those folders anyway, as there may be some interesting captures there also. I have seen Yahoo chat logged into the Telnet capture section of Cain and Able. Funky eh? Robert L. Dixon, C|HFI State of West Virginia's West Virginia Office of Technology Infrastructure Applications Netware/GroupWise Administrator ------------------------------------------ If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke
"MARTIN Benoni" <benoni.martin () arcelor com> >>>
Hi list ! I was wondering if someone has any experience in hacking a webconference over the web (sort of MITM attack, with/out encrypting the flow). I'm currently working on a such a project, so any feedback, clue, ... will be highly appreciated ! Thanks in advance folks ! ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire named worldwide market share leader in web application security assessment by leading market research firm. Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download a Free Trial of AppScan 6.0 today! https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c -------------------------------------------------------------------------- ------------------------------------------------------------------------- Sponsored by: Watchfire Watchfire named worldwide market share leader in web application security assessment by leading market research firm. Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download a Free Trial of AppScan 6.0 today! https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c --------------------------------------------------------------------------
Current thread:
- Hacking webconferencing ? MARTIN Benoni (May 18)
- <Possible follow-ups>
- Re: Hacking webconferencing ? ROB DIXON (May 18)