Solved

"sniffing" an application

Posted on 2006-07-22
Last Modified: 2010-04-05
hi experts,
is it possible to "sniff" an application (i don't think the sniff word is correct),
e.g. internet explorer, and log when someone is trying to access a specific website and if trying to log in somewhere?
by capturing user and pass fields.

i have no negative intentions!
just learning.

please help, i have no idea
Question by:xapsx
 
LVL 5

Assisted Solution

by:Scay7
Scay7 earned 70 total points
you say you have no bad intentions but...
*
trying to login somewhere?
by capturing user and pass fields.
*
This can be used to do bad things, very, in fact.

I mean we could give code, but you could just as easily use it to do bad, though your intention shown
here is otherwise.

I'd suggest you yourself go look for a keyboard hook of some sort...

Peace Gav
 

Author Comment

by:xapsx
hi gav, that doesn't help me.
i want to sniff an application, e.g. the internet explorer, and log if i'm visiting a specific website and then log if i send any data like user and password
i don't do bad things. no negative intentions at all

i'm just learning. i'm bored about these bad things and negative intentions. if you don't wanna help, it's ok. bye
 

Author Comment

by:xapsx
i don't need the full source codes.
i think i can manage the shell hook and keyboard hook on my own, but what i didn't get yet is how to see if someone is trying to send data from internet explorer or any other browsers.

i'm developing a tool for personal purposes only, to see what is going on on my system, for security reasons.
Gav, your help would be appreciated.
thanks.
 
LVL 5

Assisted Solution

by:Scay7
Scay7 earned 70 total points
Well, if you can manage the keyboard hook, you can write the procedure to do something like this...
together with a timer that makes sure that IE is still open...

var
ckey_log : boolean

If the hook starts showing the key "h" then start
procedure xxx;
begin
if ckey = 'h' then
if ckey = 't' then
if ckey = 't' then
if ckey = 'p' then
if ckey = ':' then
if ckey = '/' then
begin
  if ckey_log = true then
  begin
  //start logging
  end;
end;
end;
     
procedure timercheck;
begin
//here you write some form of timer that checks if the internet explorer window is still open
if open = true then ckey_log := true;
if open = false then ckey_log := false;
//this way you dont log everything that the keyboard types, except when IE is open...
end;
 

Author Comment

by:xapsx
dear kretzschmar, that's not good.
i know you're the best delpher here.
but i disagree with this sentence: "doesn't matter, if you have bad/good intention for ask for"
and i think you refer to this point: Introducing viruses, worms, harmful codes or Trojan horses.
i've been a premium member for almost 2 years, and i wonder what the "doesn't matter" means for you.
as i told you, i don't need it to spy on user and password with negative intentions. i'm learning.
(so that "doesn't matter" seems like you don't give respect to me).
if anyone else uses it to spy on user and password, that is not my problem.
of course that code could appear harmful (and i agree with you), but if you care, such code tends to be used for security too.
therefore i'm trying to develop a security application.

not good. not good.
 
LVL 6

Assisted Solution

by:pritaeas
pritaeas earned 35 total points
xapsx, you may not have these intentions, but maybe other users have. They will be able to read and use your solution here. And that is something that may not happen. They're just being protective, it has nothing to do with respect, it's nothing personal.

Just my thoughts, pritaeas
 
LVL 17

Assisted Solution

by:Wim ten Brink
Wim ten Brink earned 70 total points
I agree with kretzschmar on this point. Even if the original member has no bad intentions with this code, it could still give some other members some bad ideas about some "fun" things they can do with a bit of programming.
I myself mostly work on security issues and I have to circumvent all these tricks other programmers can do to get access to sensitive information. The first rule is the Microsoft way: security by obfuscation. And while it's far from secure, it does stop newbies from trying to write their own spyware within 15 minutes or so.
It's a knife that cuts both ways. Keeping this information hidden makes it more difficult for security experts to know all the risks. But it also makes it harder for the hackers to get the information they're looking for.

One other thing to remember. There are probably as many security experts as 'evil' hackers out there. But they both have their own resources for this kind of information. The main problem is the inexperienced programmers who are just trying to crack security just for fun, and whose work might be used by some for some not-so-good projects...

So kretzschmar, well said! I support your decision. Not that it matters, but still... :-)
 

Author Comment

by:xapsx
i disagree with you.
that's just your point of view, because the code isn't just "harmful" but it could be used for security (or fun) reasons too, then i think the rule you're trying to impose is wrong.
in this way you are forbidding me and all users who use code for good intentions to learn and get help.
i think "experts-exchange" has been made in order to help people.
that's not good..  where will i ask for help now?
 
LVL 4

Assisted Solution

by:David_Ward
David_Ward earned 75 total points
You could always try the approach taken by the majority of security based developers.

Do your own research, the information you are looking for is "out there" you just have to put a little effort into finding it. just like, literally, thousands of other developers.

 
LVL 4

Accepted Solution

by:David_Ward
David_Ward earned 75 total points
// That said, I offer you this, it will check that at least one instance of InternetExplorer is running


// find IEFrames, this is all you should need to detect that InternetExplorer is running
// (needs Windows and SysUtils in the uses clause)
var
  IEisRunning:      Boolean; // global variable

// EnumWindows callback: it must take (HWND, LPARAM), return BOOL and be stdcall
Function MyEnumWindows_IE_CallBack(AWnd: HWND; AParam: LPARAM): BOOL; stdcall;
var
  cname:    array[0..255] of char;
begin // EnumCallBack which looks for ... IEFrames
  // only compare when GetClassName succeeded, otherwise cname is uninitialised
  if GetClassName(AWnd,cname,Length(cname))>0 then
    if trim(uppercase(String(pchar(@cname))))='IEFRAME' then
      IEisRunning:=True;

  Result:=not IEisRunning; // result=true="enumming, enumming, just keep enumming" ...
end;

Function IsInternetExplorerRunning: Boolean; // Just call this ...
begin
  IEisRunning:=False;
  EnumWindows(@MyEnumWindows_IE_CallBack, 0); // second argument is the LPARAM handed to the callback
  Result:=IEisRunning;
end;

 
LVL 17

Assisted Solution

by:Wim ten Brink
Wim ten Brink earned 70 total points
What I think the moderators are trying to avoid here is that EE gets overrun by wannabe hackers who are using all the information here to create their own nasties. Some of it might indeed be fun but others can abuse the information provided here in some real nasty ways. For security specialists there are many other resources available but this information has slightly better control since it's often not given free of charge.

Furthermore, the risk of accidentally making some misbehaving application tends to be slightly bigger than you think. I have seen one application which used a keyhook to capture the keystrokes but unfortunately the hook DLL did not just install itself in the required process but in each and every process running on the system, which resulted in unexplainable system crashes, blue screens and worse, a considerable amount of lost data. Simply because of one wrong API call. To make it worse, this code was part of some cheap commercial product which was sold for $29 per license and it was about to be sold to thousands of customers before this bug was reported in the last minute.

If accidental misuse can result in such kinds of damage then you can imagine that we want to keep this information a bit private. If the Windows security had been more secure then this information would not be harmful. As it is now...

Btw, I've been an EE member for longer than I can remember (but I blame my bad memory for that) and in general many experts tend to be very cautious around these kinds of questions.
 

Author Comment

by:xapsx
ok no problem
 
LVL 17

Expert Comment

by:Wim ten Brink
@jimhorn, Visual baisc? Is baisc a new programming language? :-P

Uhoh... Page editors can probably edit their own posts... :-) Oh, well...

Still, jimhorn does give some good advice here. Try Google instead. Then again, you might end up with dozens of links to EE where you will read similar answers to this one.