Re: sniffing X traffic.

From: BS (bsshuhartat_private)
Date: Mon Aug 13 2001 - 19:15:31 PDT


    I put a whitepaper together on this topic about 1 year ago.  You can find it
    in the whitepapers\archives section on http://www.securityhorizon.com if
    interested.
    
    Two of my favorite tools to use for capturing info from exported X resources
    are xkeys and xwatchwin.  I have problems getting xwatchwin to capture
    window images from Exceed, etc., but xkeys works great.  (Thanks to whoever
    put that piece of work together.)
    
    The amazing thing is that after over 1 year of notification there are
    several companies that still have the default installation of X window
    software exporting X resources to the world.  Besides Exceed, Chameleon,
    Xvision, and (I believe the other was) PC Xware, all install vulnerable.
    
    good luck
    bs
    
    ----- Original Message -----
    From: "Joshua Wright" <Joshua.Wrightat_private>
    To: "'Power Steve'" <steve.powerat_private>;
    <PEN-TESTat_private>
    Sent: Monday, August 13, 2001 8:30 AM
    Subject: RE: sniffing X traffic.
    
    
    > You should be looking at dsniff by Dug Song
    > (http://www.monkey.org/~dugsong/).
    >
    > Included is an X11 decoder to display clear-text passwords.  You can
    > probably modify this to fit your needs.
    >
    > -Joshua Wright
    > Joshua.Wrightat_private
    >
    >
    > -----Original Message-----
    > From: Power Steve [mailto:steve.powerat_private]
    > Sent: Friday, August 10, 2001 10:45 AM
    > To: 'PEN-TESTat_private'
    > Subject: sniffing X traffic.
    >
    >
    > Hey all
    >
    > long time listener, first time caller.
    >
    > Anyone know if you can meaningfully sniff Exceed (I guess it's the same as
    > X) traffic?  I'm being a bit lame, my personal test lab is down atm, and I
    > can't find anything on the net re sniffing and interpreting X traffic.
    >
    > If anyone would be so kind as to answer a specific question, could I see
    > passwords etc in the traffic?
    >
    > thanks in advance.
    >
    > Steve Power
    > Security Consultant
    >
    > --------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    >
    
    
    



    This archive was generated by hypermail 2b30 : Tue Aug 14 2001 - 11:52:31 PDT
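
Added example, not part of the original thread or of any tool named in it: an audit helper that reads the opening bytes of an X11 connection from a capture and reports whether the server accepted a client that offered no authorization, which is the "exporting X resources to the world" condition described in the reply above. It assumes the first client payload and first server payload of the TCP stream have already been extracted; the function names and the sample bytes are constructed for illustration.

```python
import struct

REPLY_STATUS = {0: "failed", 1: "success", 2: "authenticate"}

def parse_setup_request(payload):
    """Parse the first client bytes of an X11 connection; None if not X11."""
    if len(payload) < 12:
        return None
    order = {0x42: ">", 0x6C: "<"}.get(payload[0])  # 'B' MSB first, 'l' LSB first
    if order is None:
        return None
    major, minor, name_len, data_len = struct.unpack(order + "4H", payload[2:10])
    if major != 11:
        return None
    data_start = 12 + ((name_len + 3) & ~3)  # auth name is padded to 4 bytes
    if len(payload) < data_start + data_len:
        return None  # truncated capture
    name = payload[12:12 + name_len].decode("ascii", "replace")
    return {"version": (major, minor), "auth_name": name, "auth_data_len": data_len}

def classify(request, reply):
    """Label one connection from the client's setup request and the server's reply."""
    req = parse_setup_request(request)
    if req is None or not reply:
        return "not-x11"
    status = REPLY_STATUS.get(reply[0], "unknown")
    if status != "success":
        return "rejected:" + status
    if req["auth_name"] == "":
        # Server let the client in with no cookie: host-based or disabled access control.
        return "accepted-without-authorization"
    # Authorization was used, but name and data still crossed the wire unencrypted.
    return "accepted-with-cleartext-" + req["auth_name"]

# Constructed sample bytes (not from a real capture).
OPEN_REQ = b"l\x00" + struct.pack("<4H", 11, 0, 0, 0) + b"\x00\x00"
COOKIE_REQ = (b"B\x00" + struct.pack(">4H", 11, 0, 18, 16) + b"\x00\x00"
              + b"MIT-MAGIC-COOKIE-1" + b"\x00\x00" + bytes(16))
OK_REPLY = b"\x01\x00" + struct.pack("<3H", 11, 0, 0)
FAIL_REPLY = b"\x00\x00" + struct.pack("<3H", 11, 0, 0)

if __name__ == "__main__":
    for req, rep in [(OPEN_REQ, OK_REPLY), (COOKIE_REQ, OK_REPLY), (OPEN_REQ, FAIL_REPLY)]:
        print(classify(req, rep))
```

A finding of `accepted-without-authorization` from an address that should not have display access is the signal to tighten the server's access control; either `accepted-*` result on an untrusted network is a reason to tunnel X over an encrypted channel.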