Re: sniffing X traffic.

From: Mike Craik (bovineat_private)
Date: Sun Aug 12 2001 - 18:07:09 PDT

  • Next message: Anders Thulin: "Re: sniffing X traffic."

    Power Steve wrote:
    > Anyone know if you can meaningfully sniff Exceed ( I guess it's the same as
    > X) traffic?  Im being a bit lame, my personal test lab is down atm, and I
    > cant find anything on the net re sniffing and interpreting X traffic.
    You can have quite a bit of 'fun' with X11.
    If someone running an unprotected X server - not using MIT Magic Cookies
    or xhost authentication properly for example (they have issued 'xhost +'
    ...) - then you can easily grab a screenshot of their X display
    /usr/X/bin/xwd -root -out /tmp/i_can_see_you.dmp
    (:0 indicates the first X display - this listens on port 6000, :1 would
    be port 6001 etc.)
    /usr/X/bin/xwud -in /tmp/i_can_see_you.dmp
    Out of the box, The Exceed X11 server places no restrictions on remote
    connections... :-(
    xspy - - can be
    used to capture keystrokes from an X server. You don't need much of an
    imagination to realize what sort of thing it can be used for :-).
    Pretty much any packet sniffer can grab X11 packets. AFAIK dsniff will
    sniff MIT Magic cookies.
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 12:29:13 PDT