Renk
12.03.10, 13:55
Seems amazing:
oSpy is a packet sniffing tool which aids in reverse-engineering software running on the Windows platform. The sniffing is done on the API level which allows a much more fine-grained view of what’s going on. Seeing return-addresses for each recv/send call (for example), can prove useful when you want to look at the processing code at that spot in a debugger or static analysis tool. And if an application uses encrypted communication it’s easy to intercept these calls as well. oSpy already intercepts one such API, and is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.
Here is a simple test on how oSpy decrypts the SSL packet and display it in clear text.
1. I opened Maybank2u login webpage which has SSL.
2. I attached iexplorer.exe process to oSpy and start capturing the packets. Press F5 in oSpy, chose iexplorer.exe and click Start to start capturing packets on Internet Explorer.
3. I typed the username and password on the Maybank2u login page and click the login button.
4. oSpy shows the username and password that I typed in clear text!
Spying Windows Software by Sniffing and Decoding Packets including SSL with oSpy Raymond.CC Blog (http://www.raymond.cc/blog/archives/2010/03/09/spying-windows-software-by-sniffing-and-decoding-packets-including-ssl-with-ospy/)
oSpy is a packet sniffing tool which aids in reverse-engineering software running on the Windows platform. The sniffing is done on the API level which allows a much more fine-grained view of what’s going on. Seeing return-addresses for each recv/send call (for example), can prove useful when you want to look at the processing code at that spot in a debugger or static analysis tool. And if an application uses encrypted communication it’s easy to intercept these calls as well. oSpy already intercepts one such API, and is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.
Here is a simple test on how oSpy decrypts the SSL packet and display it in clear text.
1. I opened Maybank2u login webpage which has SSL.
2. I attached iexplorer.exe process to oSpy and start capturing the packets. Press F5 in oSpy, chose iexplorer.exe and click Start to start capturing packets on Internet Explorer.
3. I typed the username and password on the Maybank2u login page and click the login button.
4. oSpy shows the username and password that I typed in clear text!
Spying Windows Software by Sniffing and Decoding Packets including SSL with oSpy Raymond.CC Blog (http://www.raymond.cc/blog/archives/2010/03/09/spying-windows-software-by-sniffing-and-decoding-packets-including-ssl-with-ospy/)