CommView - how to use - capturing and resending the packets

Postby Sethioz » Sat Mar 14, 2009 4:13 pm

////////////////////////////////////////////////////////////////////////

* Knowledge Database article of CommView usage is available! Read this first

////////////////////////////////////////////////////////////////////////



However here i will cover the part how you can use it to 'hack' some online programs (games, messengers..etc)
This is quite basic tutorial on how to capture and read packets and how to finally resend them.

1. open commview
-you will see a "play" icon and grayed out "stop" button near the left upper corner
-next to those buttons you will find a drop-down box with your network adapters in it

2. click on the drop-down box and choose your primary network adapter (if you can't see anything in it, then your network is not working properly)

3. now click on the "play" icon to start the packet capture
-click on the "packets" tab to see the packets that commview has captured (it's a live view)
-click on the "latest IP connections" to see the list of IPs where packets are coming from or where they are going
-to stop capture click on "stop" icon/button.

4. now lets make a filter to capture packets from specific application. i will take MSN as example.
-click on the "rules" tab (TAB not the menu)
-choose "process"
-enable process rules
-now choose "capture"
-into the box type "msnmsgr.exe"
-click on "add process name"
-huh ? why "msnmsgr.exe" ? where it came from ?
-relax, press "alt+ctrl+del" to open process manager
-from there find the MSN process name, there you will see it is "msnmsgr.exe"

5. now go back into "packets" tab
-right click and choose "clear packet buffer"
-now go into msn and open a chat window with somebody
-say something. say "Hey" for example
-you will notice some packets in commview's "packets" tab
-now click "ctrl+f" in packets tab to open search
-search for "Hey"
-you will see that it pops on the packet
-right click that packet and click on "Reconstruct TCP session"
-window will open, it will show you the content of that packet, which will look like this:

Code:
USR 6 [email protected] 1992966479.1503914.198100245
USR 6 OK [email protected] YourDisplayName
CAL 7 [email protected]
CAL 7 RINGING 1992966479
JOI [email protected] . 2254291004
MSG 5 N 123
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Tahoma; EF=; CO=b70085; CS=0; PF=22

Hey


-This is the MSN protocol, at bottom you can see the message you sent.
-This covers the packet reading part

6. How to make more filters / rules to capture only MSN chat
-for example in MSN you have to first analyze the packet, like the example i gave
-there is no certain way to do that, so you have to do it your way
-here's what i did:
-I took the part with "MSG " (MSG + space behind it)
-why with space ?
-because LOTS of packets in msn protocol probably contain "MSG" so you have to include space.
-now under "Rules" tab choose 'Advanced Rules' - "Formulas"
-into "Name" field type the name of your rule (it can be whatever you want it to be, i wrote "msg")
-into "Formula" type
Code:
str(MSG )

-huh ? ok ill explain it. "str" stands for string (in other words its the TEXT rule)
-after "str" comes (), inside ( ) you will put your text you want to ignore or capture.
-now choose "capture packets (inclusive)"
-click on "Add/Edit"
-Now your CommView will capture all packets that contain the text "MSG "
-you can easily make such rules for any application to capture only the part you need OR ignore the part you dont want to see
-for the HELP with the Formulas click on that Icon with ? mark on it, it is next to the "Formula:" input field
-there you can see the explanation for all Formulas available for commview, you can also combine them, but i will not cover that part here.

7. How to resend a packet / packets and how to save packet / packets
-to save a packet/packets. simply select packet and drag it onto your desktop or any other folder (it may not work in vista)
-if you want to select multiple packets, either HOLD down "CTRL" key and choose packets by clicking on them or just drag over multiple packets and then drag them all on desktop.
-to load them, drag the file into commview again, this will open the log viewer with your packet/s in it.
-to resend a packet / packets
-choose the packet / packets you want to send, then simply right click on them and choose "Send packet(S)" from there choose either "selected" or "all"
-now window opens, choose the options you want and hit the "Send" button
-NOTE that you have to be on "capture mode" to be able to send packets.
Sethioz
Admin
Posts: 4753
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown
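
Added example, not part of the original post: a small Python parser for the kind of session text shown in step 5. It uses the length field at the end of the MSG line to cut out the payload, so chat text that happens to contain "MSG " is not counted as a command the way a plain substring match counts it. The sample bytes and the address buddy@example.test are constructed; only the CAL, JOI and MSG lines seen in the post are assumed.

```python
# Added example (not from the original post): frame-aware MSNP parsing.
CRLF = b"\r\n"

def build_sample():
    """Constructed switchboard bytes modelled on the session in the post."""
    body = (b"MIME-Version: 1.0\r\n"
            b"Content-Type: text/plain; charset=UTF-8\r\n"
            b"X-MMS-IM-Format: FN=Tahoma; EF=; CO=b70085; CS=0; PF=22\r\n"
            b"\r\n"
            b"MSG me later")  # chat text that itself contains "MSG "
    return (b"CAL 7 RINGING 1992966479\r\n"
            b"JOI buddy@example.test . 2254291004\r\n"  # placeholder address
            + b"MSG 5 N %d\r\n" % len(body) + body)

def naive_hits(data, needle=b"MSG "):
    """What a plain substring rule such as str(MSG ) effectively tests."""
    return data.count(needle)

def parse_stream(data):
    """Return complete (command, args, payload) frames; stop at a partial one."""
    frames, pos = [], 0
    while pos < len(data):
        end = data.find(CRLF, pos)
        if end == -1:
            break  # command line not complete yet
        parts = data[pos:end].decode("utf-8", "replace").split(" ")
        nxt, payload = end + len(CRLF), b""
        if parts[0] == "MSG":
            if not parts[-1].isdigit():
                raise ValueError("MSG without a numeric length field")
            length = int(parts[-1])
            if nxt + length > len(data):
                break  # payload split across packets: wait for more bytes
            payload = data[nxt:nxt + length]
            nxt += length
        frames.append((parts[0], parts[1:], payload))
        pos = nxt
    return frames

def chat_text(payload):
    """Split the MIME-style headers from the message text."""
    _headers, _sep, body = payload.partition(CRLF + CRLF)
    return body.decode("utf-8", "replace")

if __name__ == "__main__":
    stream = build_sample()
    print("substring hits:", naive_hits(stream))
    for cmd, args, payload in parse_stream(stream):
        print(cmd, args, repr(chat_text(payload)) if payload else "")
```

The substring count is 2 for this sample while the parser finds a single MSG frame, and the message text comes out unencrypted.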

Re: CommView - how to use - capturing and resending the packets

Postby 54321 » Wed Jun 03, 2009 12:55 pm

I know this is a bit off subject, but can you somehow make a hack for Facebook (Texas Hold'em Poker)? I tried your CommView but then realised that it's not using an EXE, it's running on iexplorer

Any help would be nice
54321
Forum user
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: CommView - how to use - capturing and resending the packets

Postby Sethioz » Wed Jun 03, 2009 5:06 pm

1. do not use iexplorer, its the worst thing you can do
2. use firefox and capture firefox.exe (you can do iexplorer.exe too, but it sends and receives all other spy-crap too, so you never know what is what)
3. you can't really tamper with such programs, because they use SSL (secured connection), I've looked into it a lil, but problem is that I couldn't decrypt the encryption on the fly..so I can't really see into the packets.
Sethioz
Admin
Posts: 4753
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: CommView - how to use - capturing and resending the packets

Postby 54321 » Fri Jan 01, 2010 8:36 pm

how would you start to decrypt the encryption
54321
Forum user
Posts: 74
Joined: Wed Jun 03, 2009 12:30 pm

Re: CommView - how to use - capturing and resending the packets

Postby Sethioz » Sun Jan 03, 2010 7:49 pm

well honestly i have to tell you i do not know details and commview can't do that, this is wrong topic for this, but in short, you need to look into Wireshark (google it).
there are some great tutorials (or not so great) in google which will tell you how to decrypt the "conversation" that is encrypted. i was trying to decrypt pokerstars, but it is not as easy as 123. wireshark can't do that in real time i think or if so, then you still need to find encryption key first. there was some ebook that explained it, with examples from partypoker.
Sethioz
Admin
Posts: 4753
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: CommView - how to use - capturing and resending the pack

Postby ronokae » Sun Jun 26, 2011 7:07 pm

Wow extremely nice I just found this today O.o Seth MSN more >.>
I had something to show you but it's gone now >.>
ronokae
Allie
Posts: 83
Joined: Mon Jan 03, 2011 10:01 pm

Re: CommView - how to use - capturing and resending the pack

Postby AMAGAF » Thu Apr 26, 2012 2:11 am

How would I know which commview to download? does it make a difference really or do they all pretty much do the same thing?
A recommendation would be cool :-)
AMAGAF
Newbie..
Posts: 6
Joined: Sun Apr 15, 2012 1:22 am

Re: CommView - how to use - capturing and resending the pack

Postby Sethioz » Thu Apr 26, 2012 11:36 am

earlier versions have less options so obviously you need latest.
Sethioz
Admin
Posts: 4753
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

