FlashChat, Peekshows.com

[RavenFox]

Hi,
I've seen your vid on hacking flash chats. I have a challenge for you, there is sexcam site (everything is flash based both chat and video) that i go to sometimes and it would be awesome to log in as admin in there. Most admins on that site are real a*holes and scum of this earth. It would be nice to at least make them somewhat confused. Plus the chicks are great, although my goal is not to mess with them, they are there to make a living. Anywho, the site is peekshows.com. There are several backdoors to the girls' rooms, where you dont need any logins, although chatting this way will make your nick and text show up in grey color. Regular users (members) have white chat nicks, yellow are members that pay for unique nick, green is for admins, and red are the models(girls). This is a backdoor link: http://www.cyberfoxes.net/chat/peekshow.html although its possible to go direcly via peekshows.com but I think they take away chatting option (which is easily fixable, I remember using BurpSuite to tamper that) and same as with a backdoor you'll end up chatting in grey.

So the goal here is to be able to change your nick color.

Go ahead and watch some girls, on this site some of them show alot even in free chat, also some are great to chat with. See if there is anything that can be done to change nick and your own chattext colors. I know there is a list of chatters that admins and the models have, which dont show up for other chatters, so it would be a good idea if that could be enabled in order to prevent being in the same room with a real admin while experimenting. As a matter in fact theres a software they use to log in, both the models and admins, that I have laying around somewhere and I can send it to you if you find it necessary.

Oh, and if this turns up to be a lot of work, I might consider making certain donations
Tell me what you think, it's all good.

Jake

[Sethioz]

umm i took a quick look and it seems that it is using completely different system. On some reason i can't even see the "post" requests. I did saw the packet, but it only contained "msg blah". Either it's using something else than firefox.exe (your browser) to communicate or there's something wierd going on. I think ill try few other things there when i have mood for this stuff. site doesn't even use cookies, kind a wierd (at least not chat)

donations are always nice, but im not saying like .. give me 10€ and ill make it. if you willing to donate its good, but no warrantys at all. this is why its donation button
ill update it once i take a good look in the system.

[RavenFox]

Thank you for considering this. I hope you'll find it interesting enough.

[RavenFox]

Either it's using something else than firefox.exe (your browser) to communicate or there's something wierd going on.

Yea, I think most stuff is handled by the "Voyeur-3.4.1.swf" file which is the current version they use. Try to decompile it, there is loads of interesting stuff in there. I used Sothink, but I hope you maybe know a better swf decompiler, and emmidietely I saw some things that could be changed to "improve" it a little bit Although I'm still nowhere near changing nick colors. Also, how can I compile the "improved" version, and fool my browser to use that one instead of downloading the real one from the site?

See ya

Jake

[Sethioz]

umm no thats not what im talking about. Why would you even want to mess with the flash ? Im talking about the packets and tampering with them. Im not much of a modder/editor, i just hack into the things and tamper with them, like the chatrooms i made hacks for. that also includes msn (i made my own /crash command, which crashes the person you talk to when you enter it).

I was trying to intercept the packets, but i couldn't see anything when i intercepted firefox.exe. Im seeding some torrents so i can't really capture all packets, because it would be MASSIVE. also webscarab did not even intercept the POST command when i said something. even on forum (here) when you press a button, then webscarab will intercept it and allow you to tamper with the packet before its sent, this is where the magic is but on that site i saw nothing at all, just don't get it hmmm. Maybe because it uses some kind of encryption and does not have such commands (acts like a game or something). that would explain why i cant see the interception.

If you want to use your own version, then you cant fool the browser to use it (not the default browser anyways), but you can simply open your own file with flash player and it will work. Maybe thats what i need to do, open the damn thing in flash player instead and intercept that.

[Sethioz]

No wonder i found nothing, it is all client site YOU can choose what colors you have. so there is nothing to do.
I opened the thing in my flash player and checked few things, here's the screenshot of it:

[RavenFox]

Well yea, you get to change the default colors if you want, but that only affects how colors APPEAR on your side, it doesn't affect how you are SEEN by the others in the chat. You still get LABELED as a guest, member, admin or a model depending on your site status.

Btw, this is probably a stupid question, but how did you get to open your Adobe flash player with a GUI visible on it?

Any tips on how to compile a decompiled flash code?

Thanks, see ya

[Sethioz]

no. colors are client side. every person chooses the way they see it. only the status or tag or whatever can be shown, but you can change your name with "/nick" command. Dont think there is something you can do.
only way is to steal model's cookie and then login as model, but thats something else already. you can google for a simple cookie editor. i tried few of those simple cookie stealers, but none of them worked.
first get it working on some freehosting by directly going to the stealer and then you can try to put it into a pic's code..etc. use javascript to send it. it should be explained on those guides and its quite easy...only thing that on some reason it never worked for me DOH.

compile flash code...i tought you can make it with a FLASH. I have Flash CS4 Professional, which includes the stand alone player. actually it all came with the Adobe CS4 Master Collection, but you can get it seperatly too. With Adobe Flash CS4 you can make your own flash based stuff.

[RavenFox]

I just had some time to play with this again. Not much new except that I'm able to see the packets sent by the flash app. I'm using SmartSniff, I bet Wireshark works just as well. I now know what code they use to mark text in different colors, its easy to see( PM me if you need me to tell you ). The question is how to intercept and modify the packets. I think ettercap can do this, do you have more experience with it?

See ya

[Sethioz]

I don't discuss such things on PM.
now i got the point, you mean for example if girl's color is set to "YELLOW" then you can speak as "YELLOW" too ? I don't know what kind of tools you are using, but CommView is the best option. for intercepting use WebScarab (POST didn't work, but it has more options).
because lack of interest i haven't looked into it anymore.

[RavenFox]

now i got the point, you mean for example if girl's color is set to "YELLOW" then you can speak as "YELLOW" too ?

No, if you monitor the packets you can see they use numbers to mark the text you are sending/receiving. The number between pipes (||) marks the text to show up as admin text, user text, model text or else. The fact that you can setup colors client-side for each one of these is a whole different matter.

I don't know what kind of tools you are using, but CommView is the best option. for intercepting use WebScarab (POST didn't work, but it has more options).

I'll look into CommView. I don't think WebScarab can be useful there, just like BurpSuite that Im using, coz those are http tools and this flash app is using tcp. Correct me if I'm wrong.

[Sethioz]

this is exactly what i meant, if your "admin" text is set to YELLOW, then only thing that matters is that its admin text. first i tought that it has no difference and its only client side, but now i got the idea. i wasnt even talking about that, what i meant is that NOW i got the whole idea of this and understood what exactly you wanted to do.

what does HTTP has to do with TCP ? as far as i know, all chatrooms use TCP. TCP is lossless, if packet gets lagged then it is held back until its possible to send it, however UDP is something that games use. so if therse few packets missing, then what happens is the common latency (lag).
http can use both, UDP and TCP, so i dont see why you brought this up. some multiplayer flash games can use UDP for example.
for example webscarab works just fine on chatrooms and as mentioned before, as far as i know all chat applications use TCP.

However if you want something more complex, then you can use proxocket
it uses .dll injection to either monitor or intercept packets. you can also write filters and then place your custom .dll into the folder of application. so this can be used to make permanent changes.
i used this on Flashchat to get permanent admin privileges, i used it to insert the needed string into the "message" packet, so each message packet had the admin privileges. you can use this to modify the numbers and get the admin color all the time.

UDP packet - may arrive out of order, appear duplicated, or go missing without notice
TCP packet