Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Private IP address with yahoo messenger

from [Vivek P] Network Security [Permanent Link]
Subject: Re: Private IP address with yahoo messenger
Date: Thu, 24 May 2007 16:27:32 +0530 
hi

okie.. i think it is my mistake of incomplete understanding of the mail..

This is the way i tested it, & my answer is still yes [ you can get
the private IP]

1. You can test it using yahoo booters and an authentic yahoo id both
running from your machine, sniff the packets & create an analysis
based on that. it eill reveal the levels of security embedded by yahoo
to hide the packet information from source to target.

2.Through packet malformation you can get information of the target IP
address.Though this method is not a simple one to execute.

3. As you had specified.. by just forensic analysis, i am not sure of
a direct method, i will get back to you after reffering my database on
this side. I will also revert on the tools to you in some time from
now.

Thank you for your interest on research

--
Vivek P Nair
Vice President, Technology
Appin Knowledge Solutions
Appin Security Group
www.vivekpnair.co.nr
iamherevivek@gmail.com
vivek.p.nair@appingroup.com
d3@d Br@iN
"i thought i would change the world, But they wouldnt gimme the source Code !!"


On 5/24/07, Alcides <alcides.hercules@gmail.com> wrote: 
Hi Vivek,
Thanks for your attention.
Sorry, but I think it's not something I was expecting for.

In my question, by saying "chat session" - I mean just a "chat session".
No file transfer/ video/ voice chat. Simply typing the text in chat window.

[I]a <-------->Yahoo server(s) <-------> b[target]

A thing that comes in my mind is something that may allow me to do
thorough forensic analysis of the packets coming from target. But I'm
not very sure on what tool/s to be used and about the technique.

Hope I've made my question clear.
Warm regards.

Vivek P wrote:
> Hi
>
> I had been testing on this for quiet some time now. In versions of
> yahoo messenger before 6, when i transfer a file >2 mb and try netstat
> -a -n from CMD on windows machine, i was able to get the IP address
> (internal) of the person at the other end !!
>
> Yahoo did some patches in the latest editions but, i have been
> informed by my testing team that burp proxy can get the target IP
> (internal) if you have it installed, when using latest edition to do
> file transfer,
>
> Also when you do calls using messenger point to point connection is made.
>
> it is like
>
> normal chat
> a <-------->Yahoo server(s) <-------> b
>
> Lengthy processes (filetransfer) (calls) etc.
> a<------->Yahoo authenticates at interval<----->b
> a<------->b //Direct connection.
>
>
> I think it would help, please revert so that i can get you some video
> demonstations to prove my experiment.
>
>
> Thanx



[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Private IP address with yahoo messenger, Alcides
Next by Date:  Creating API for SSS & Appscan, Vivek P
Previous by Thread:  Re: Private IP address with yahoo messenger, Alcides
Next by Thread:  Re: Private IP address with yahoo messenger, Pingu
Indexes:  [Date] [Thread] [Top] [All Lists]