Jariee
Aantal berichten : 11 Points : 33 Registratiedatum : 2013-01-20 Leeftijd : 26
| Subject: Skype IP Grabber [Windump] by Jariee Sun Jan 20, 2013 1:46 am | |
| Windump is simply the Windows version of Tcpdump. The process can easily be replicated in any *nix system.
This tutorial allows you to understand Skype a bit more, and in the process actually learn something. What any party does with the IP is that party's responsibility.
This process could potentially be used for any other messager.
Install:
[You must be registered and logged in to see this link.]
1) Follow the directions in the above link and install the program.
2) Open up your terminal and navigate to the Windump.exe
If you were unable to do the steps, you do not belong here. If you managed to use the magical "Google" to discover what you did not understand previously, I congratulate you and present to you this tutorial.
Basic Setup:
1) Code: Windump -D This will list your adapters/interfaces. You will be able to recognize your adapter usually, however if you are unable to do so, merely use the process of elimination. 2) Code: Windump -i 1 This command uses the specified interface, if the above command does not return any output then go through all the numbers, one by one, listed by Windump -D.
Now that you know the basics of Windump/Tcpdump you are ready for Skype.
Skype:
Some of your friends will be "supernodes", these friends will be performing three-way handshakes via TCP. This will enable you to easily capture their IP in say, a Windows Firewall log. Hint: Windows Firewall with Advanced Security. (Control Panel)
UDP packets that mark messages sent and file transfer prompts are not usually logged unless the Skype servers are heavily congested and rerouting your traffic.
After a couple hours of logging various types of Skype traffic via the Windows Firewall log and a friend who allowed you his/her IP. You'll come to the same conclusion I did.
Code: UDP source net [subnet address] source port [incoming connection port]
UDP source net [subnet address] source port 4400
UDP destination net [subnet address] destination port [incoming connection port]
UDP destination net [subnet address] destination port 4400 These simply show where a packet is coming (source) from or where it is headed to (destination).
The port 4400 is sometimes used for file transfers. The incoming connection port for Skype can be found in Tools > Options > Advanced > Connection You may wish to change this port if it conflicts with existing programs. Uncheck use port 80 and 443.
Example: Code: UDP source net 192.168.1.102 source port 37892
UDP source net 192.168.1.102 source port 4400
UDP destination net 192.168.1.102 destination port 37892
UDP destination net 192.168.1.102 destination port 4400
Now, you may wonder as to how the hell are you supposed to know where these packets are going or coming from. This is where Windump comes in.
Filter:
Code: src net 192.168.1.102 and src port 37892 || src net 192.168.1.102 and src port 4400 || dst net 192.168.1.102 and dst port 37892 || dst net 192.168.1.102 and dst port 4400 You will, of course, need to change the filter to match your settings.
How to use it? Code: Windump -n -i 4 src net 192.168.1.102 and src port 37892 || src net 192.168.1.102 and src port 4400 || dst net 192.168.1.102 and dst port 37892 || dst net 192.168.1.102 and dst port 4400 -n means Windump will not resolve the host names and -i 4 means it will use the 4th interface. Change the interface number, subnet address, and port to match yours and voila.
Note:
I recommend that you test the filter on a friend first so that you can figure out what certain actions send what size of packet and how to differentiate their ip from skype's servers. If you feel that the friend will not trust you, then do not mention the filter to them. Simply have them accept a file transfer and you will know their ip (trust me, just watch the filter).
As you become more adept at identifying the packets you'll be able to retrieve their ip simply via chat messages that you send and are received by your target.
I should also mention that the port they connect to you, if it is not 80, 443, or 4400, it is their incoming port for skype. This port will not change and once you know it, the process becomes even more trivial.
I hope you enjoyed the tutorial, but most importantly, I hope you learned something. And I don't understand why this got moved to / Hacking Tools and Programs / Blink | |
|