Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Hacking webconferencing ?

from [ROB DIXON] Network Security [Permanent Link]
Subject: Re: Hacking webconferencing ?
Date: Thu, 18 May 2006 15:20:42 -0400 
sort of MITM attack


Arp poisoning? Cain and Able


with/out encrypting the flow


Without "de" crypting?


I did this once, Arp poisoned with Cain and Able(free) and I had Give Me
Too(free) running(captures IM, pop3, http, ftp, and other info)


I was simply using this combo to sniff traffic. Interesting enough, Give
Me Too was capturing pieces of a webconference from one pc. I got some
side bar chat and some of the rendered pages.

Sorry, I dont remember which Web Conferencing application it was though.

But that combination will capture some of the session. Maybe enough to
prove a point. 

Even though the program will say that this folder contains AIM data and
this one has MSN data, etc,etc, Look in those folders anyway, as there
may be some interesting captures there also.

I have seen Yahoo chat logged into the Telnet capture section of Cain
and Able. Funky eh?


Robert L. Dixon,  C|HFI
State of West Virginia's 
West Virginia Office of Technology
Infrastructure Applications
Netware/GroupWise Administrator
------------------------------------------
If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke

"MARTIN Benoni" <benoni.martin@arcelor.com>  >>>

Hi list !

I was wondering if someone has any experience in hacking a webconference
over the web (sort of MITM attack, with/out encrypting the flow).

I'm currently working on a such a project, so any feedback, clue, ...
will be highly appreciated !

Thanks in advance folks !

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application
security
assessment by leading market research firm. Watchfire's AppScan is the
industry's first and leading web application security testing suite, and
the only solution to provide comprehensive remediation tasks at every
level of the application. See for yourself.
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and 
the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Comparison report on web app security scanners, Zaninotti, Thiago
Next by Date:  Re: Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1, Amit Klein (AKsecurity)
Previous by Thread:  Hacking webconferencing ?, MARTIN Benoni
Next by Thread:  Article of Authz and Auth and upcoming IEEE on Web Security, Mark Curphey
Indexes:  [Date] [Thread] [Top] [All Lists]