
CommView - how to use - capturing and resending the packets

Posted: Sat Mar 14, 2009 4:13 pm
by Sethioz
////////////////////////////////////////////////////////////////////////

* Knowledge Database article of CommView usage is available! Read this first.

////////////////////////////////////////////////////////////////////////

However, here I will cover how you can use it to 'hack' some online programs (games, messengers, etc.).
This is quite a basic tutorial on how to capture and read packets and how to finally resend them.

1. Open CommView
- you will see a "play" icon and a grayed-out "stop" button near the upper left corner
- next to those buttons you will find a drop-down box with your network adapters in it

2. Click on the drop-down box and choose your primary network adapter (if you can't see anything in it, then your network is not working properly)

3. Now click on the "play" icon to start the packet capture
- click on the "packets" tab to see the packets that CommView has captured (it's a live view)
- click on the "latest IP connections" to see the list of IPs where packets are coming from or where they are going
- to stop the capture, click on the "stop" icon/button.

4. Now let's make a filter to capture packets from a specific application. I will take MSN as an example.
- click on the "rules" tab (TAB, not the menu)
- choose "process"
- enable process rules
- now choose "capture"
- into the box type "msnmsgr.exe"
- click on "add process name"
- huh? Why "msnmsgr.exe"? Where did it come from?
- relax, press "alt+ctrl+del" to open the process manager
- from there find the MSN process name, there you will see it is "msnmsgr.exe"

5. Now go back into the "packets" tab
- right click and choose "clear packet buffer"
- now go into MSN and open a chat window with somebody
- say something. Say "Hey" for example
- you will notice some packets in CommView's "packets" tab
- now press "ctrl+f" in the packets tab to open search
- search for "Hey"
- you will see that it pops up on the packet
- right click that packet and click on "Reconstruct TCP session"
- a window will open showing the content of that packet, which will look like this:

Code:

USR 6 [email protected] 1992966479.1503914.198100245
USR 6 OK [email protected] YourDisplayName
CAL 7 [email protected]
CAL 7 RINGING 1992966479
JOI [email protected] . 2254291004
MSG 5 N 123
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-MMS-IM-Format: FN=Tahoma; EF=; CO=b70085; CS=0; PF=22

Hey

- This is the MSN protocol, at the bottom you can see the message you sent.
- This covers the packet reading part

6. How to make more filters / rules to capture only MSN chat
- for example in MSN you have to first analyze the packet, like the example I gave
- there is no certain way to do that, so you have to do it your way
- here's what I did:
- I took the part with "MSG " (MSG + space behind it)
- why with the space?
- because LOTS of packets in the MSN protocol probably contain "MSG", so you have to include the space.
- now under the "Rules" tab choose 'Advanced Rules' - "Formulas"
- into the "Name" field type the name of your rule (it can be whatever you want it to be, I wrote "msg")
- into "Formula" type

Code:

str(MSG )

- huh? OK, I'll explain it. "str" stands for string (in other words it's the TEXT rule)
- after "str" comes (), inside ( ) you will put the text you want to ignore or capture.
- now choose "capture packets (inclusive)"
- click on "Add/Edit"
- now your CommView will capture all packets that contain the text "MSG "
- you can easily make such rules for any application to capture only the part you need OR ignore the part you don't want to see
- for HELP with the Formulas click on the icon with the ? mark on it, it is next to the "Formula:" input field
- there you can see the explanation for all Formulas available for CommView, you can also combine them, but I will not cover that part here.

7. How to resend a packet / packets and how to save a packet / packets
- to save a packet / packets, simply select the packet and drag it onto your desktop or any other folder (it may not work in Vista)
- if you want to select multiple packets, either HOLD down the "CTRL" key and choose packets by clicking on them, or just drag over multiple packets and then drag them all onto the desktop.
- to load them, drag the file into CommView again, this will open the log viewer with your packet/s in it.
- to resend a packet / packets
- choose the packet / packets you want to send, then simply right click on them and choose "Send packet(S)", from there choose either "selected" or "all"
- now a window opens, choose the options you want and hit the "Send" button
- NOTE that you have to be in "capture mode" to be able to send packets.
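
The framing in the reconstructed session above, as an added example that is not part of the original post: the last field of an "MSG" line is the payload length, so a parser can separate command lines from chat bodies, whereas a plain text match on "MSG " also hits chat text that happens to contain those characters. The sample stream, account names and function names are constructed for illustration.

```python
# Added example: constructed MSNP-style stream, not a real capture.
CRLF = b"\r\n"

def build_msg(trid, body):
    """Frame a chat body as 'MSG <trid> N <length>' plus MIME-style payload."""
    payload = CRLF.join([b"MIME-Version: 1.0",
                         b"Content-Type: text/plain; charset=UTF-8",
                         b"", body])
    return b"MSG %d N %d" % (trid, len(payload)) + CRLF + payload

# Placeholder accounts; the second body deliberately contains "MSG ".
SAMPLE = (b"USR 6 OK user@example.test DisplayName" + CRLF
          + b"JOI peer@example.test Peer" + CRLF
          + build_msg(5, b"Hey")
          + build_msg(6, b"the MSG command carries chat"))

def parse_session(stream):
    """Return (command, args, payload) tuples, honouring the MSG length field."""
    records, pos = [], 0
    while pos < len(stream):
        end = stream.find(CRLF, pos)
        if end < 0:
            raise ValueError("command line without CRLF terminator")
        fields = stream[pos:end].decode("utf-8", "replace").split(" ")
        pos, payload = end + len(CRLF), b""
        if fields[0] == "MSG":
            if not fields[-1].isdecimal():
                raise ValueError("MSG without numeric length")
            length = int(fields[-1])
            if pos + length > len(stream):
                raise ValueError("MSG payload truncated")
            payload, pos = stream[pos:pos + length], pos + length
        records.append((fields[0], fields[1:], payload))
    return records

def chat_text(payload):
    """Body of an MSG payload: everything after the blank line."""
    return payload.partition(CRLF + CRLF)[2].decode("utf-8", "replace")

def substring_hits(stream):
    """What a plain text match on 'MSG ' sees: every occurrence, framed or not."""
    return stream.count(b"MSG ")

if __name__ == "__main__":
    msgs = [r for r in parse_session(SAMPLE) if r[0] == "MSG"]
    print(len(msgs), "framed MSG commands;", substring_hits(SAMPLE), "substring hits")
    for _, args, payload in msgs:
        print(args, repr(chat_text(payload)))
```
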

Re: CommView - how to use - capturing and resending the packets

Posted: Wed Jun 03, 2009 12:55 pm
by 54321
I know this is a bit off subject, but can you somehow make a hack for Facebook (Texas Hold'em Poker)? I tried your CommView but then realised that it's not using an EXE, it's running on iexplorer

Any help would be nice

Re: CommView - how to use - capturing and resending the packets

Posted: Wed Jun 03, 2009 5:06 pm
by Sethioz
1. Do not use iexplorer, it's the worst thing you can do
2. Use Firefox and capture firefox.exe (you can do iexplorer.exe too, but it sends and receives all the other spy-crap too, so you never know what is what)
3. You can't really tamper with such programs, because they use SSL (secured connection). I've looked into it a lil, but the problem is that I couldn't decrypt the encryption on the fly, so I can't really see into the packets.

Re: CommView - how to use - capturing and resending the packets

Posted: Fri Jan 01, 2010 8:36 pm
by 54321
How would you start to decrypt the encryption?

Re: CommView - how to use - capturing and resending the packets

Posted: Sun Jan 03, 2010 7:49 pm
by Sethioz
Well, honestly I have to tell you I do not know the details and CommView can't do that. This is the wrong topic for this, but in short, you need to look into Wireshark (google it).
There are some great tutorials (or not so great) on Google which will tell you how to decrypt the "conversation" that is encrypted. I was trying to decrypt PokerStars, but it is not as easy as 123. Wireshark can't do that in real time, I think, or if so, then you still need to find the encryption key first. There was some ebook that explained it, with examples from PartyPoker.

Re: CommView - how to use - capturing and resending the pack

Posted: Sun Jun 26, 2011 7:07 pm
by ronokae
Wow extremely nice I just found this today O.o Seth MSN more >.>
I had something to show you but it's gone now >.>

Re: CommView - how to use - capturing and resending the pack

Posted: Thu Apr 26, 2012 2:11 am
by AMAGAF
How would I know which CommView to download? Does it make a difference really, or do they all pretty much do the same thing?
A recommendation would be cool :-)

Re: CommView - how to use - capturing and resending the pack

Posted: Thu Apr 26, 2012 11:36 am
by Sethioz
Earlier versions have fewer options, so obviously you need the latest.