Re: sniffing X traffic.

From: Anders Thulin (Anders.X.Thulinat_private)
Date: Sun Aug 12 2001 - 23:00:07 PDT

  • Next message: Stephane Aubert: "[BabelWeb] NEW web scanner/analyzer/forcer"

    Power Steve wrote:
    > Anyone know if you can meaningfully sniff Exceed ( I guess it's the same as
    > X) traffic?  Im being a bit lame, my personal test lab is down atm, and I
    > cant find anything on the net re sniffing and interpreting X traffic.
      X sends painting commands from the client to the server (the screen),
    and mouse and keyboard events the other way (mainly).
      If you can listen in on a keyboard event stream, you may certainly find
    passwords in there.  I've seen at least one intrusion vulnerability
    assessment program do just that (but which one was it?)  Indeed,
    if you can sniff a full X stream (both ways), I suspect you can come
    very close to 'replay' whats going on on the screen (like XWatchWin),
    including 'non-echoing' key presses.
      I'm not up-to-date about X protection mechanisms, though: I don't
    know if there is such a thing as encrypted X traffic. 
    Anders Thulin     Anders.X.Thulinat_private     040-661 50 63
    Telia ProSoft AB, Carlsgatan 6, SE-201 20 Malmö, Sweden
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Mon Aug 13 2001 - 12:30:22 PDT