Vulnerability Development mailing list archives
Re: ICQ Spoofing Question (part deux)
From: Masial <masial () SECURED ORG>
Date: Tue, 19 Sep 2000 13:59:56 -0400
<< snip >> The idea behind my question is social engineering. I am curious if it is possible to spoof being a random chatter (IE finding someone on romance of students or games) and thus being able to produce the random sub-divisivon in the list. If I get a message from someone and it is not from Random chat they merely appear as NOT IN LIST. I want to know if I can actually spoof the sub-divison on a client that says RANDOM. << /snip >> Your initial message was indeed a bit misleading on the spoofing goal. To acheive what you want, i think you might want to get the icqspoof.c source and tweak it a bit. Also, dump some TCP traffic of random chat messages and try to see if there are flags in the data to set the NOT IN LIST or RANDOM. While its possible that there are some, from the looks of it, i think this would be determined client side on the target based on your message uin. Therefore, you would have to spoof an UIN of someone with the status you intend to acheive. I belive there are some webpages out there about the ICQ protocol you might want to check too, i dont have urls however. Best luck, M. PS: html hurts my eyes.
Current thread:
- FW: ICQ Spoofing Question (part deux) Leon Rosenstein (Sep 19)
- Re: ICQ Spoofing Question (part deux) Masial (Sep 19)