MSN Dump

Sniffea / interpreta lo que va por el puerto 1863, igual esto no corre mas porque el MSN no existe mas, pero lo dejo a fines de ejemplo.

#!/usr/bin/perl -w
# quick dirty msn sniffer
# http://miscname.com/
# $Id: msndump.pl,v 1.3 2004/11/17 10:00:33 meh Exp $
 
#To capture live traffic from device eth0 run:
#msndump.pl -i eth0
 
#To capture from tcpdump traffic.pcap file run:
#msndump.pl -r traffic.pcap
 
# you need Net::Pcap and Net::Packet
# use cpan or get manually
# http://search.cpan.org/CPAN/authors/id/A/AT/ATRAK/NetPacket-0.04.tar.gz
# http://search.cpan.org/CPAN/authors/id/K/KC/KCARNUT/Net-Pcap-0.05.tar.gz
 
my $lowuid='1001';
my $lowgid='1001';
 
my $filter = 'tcp and port 1863';
 
# no modify below
use Getopt::Std;
use Net::Pcap;
use NetPacket::IP;
use NetPacket::Ethernet qw (:strip);
use Fcntl;
$|=1;
my $flags |= O_NONBLOCK;
 
my %opts;
getopt("wicr",\%opts);
if ( (!($opts{i})) && (!($opts{r})) ) {
print "[ msndump - miscname.com ]\n Usage:\n\t-i rl0 || -r file.pcap\n\t-c X - capture X packets\n\t-w freshIMz.txt\n\n";
exit;
}
 
if ((!$opts{r}) && ($> != '0')) {
die ("you need uid 0\n");
}
 
# main loop
my $exitvar = '0';
while ($exitvar == '0') {
 
# create pcap
my $pcap = &cap_pkt;
if (!($pcap)) {
  die ("cant capture\n");
}
 
# drop privs
my $GID="$lowgid";
my $UID="$lowuid";
my $EGID="$lowgid $lowgid";
 
# -w if set
if ($opts{w}) {
  open (FILEOUT,">$opts{w}") || die ("cant open $opts{w} ($!)\n");
  fcntl(FILEOUT, F_SETFL, $flags) or die ("couldn't set nonblock for $opts{w} ($!)\n");
}
 
# capture loop
if (($opts{c}) && ($opts{c} =~ /(\d+)/)) {
  print "stopping after $1 packets\n";
         Net::Pcap::loop($pcap, $1, \&proc_pkt, 0);
  $exitvar = '1';
} else {
         Net::Pcap::loop($pcap, -1, \&proc_pkt, 0);
  my %stats;
  Net::Pcap::stats($pcap, \%stats);
  print "saw $stats{ps_recv} packets, dropped $stats{ps_drop}\n";
}
 
# free it
print "cleaning up\n";
Net::Pcap::close($pcap);
# close fh
if ($opts{w}) {
  print "wrote $opts{w}.\n";
  close FILEOUT;
}
}
 
# sub procs below
sub cap_pkt {
 
my ($pcap,$dev,$err,$mask,$net,$filter2);
my $snaplen = 14096; # seen some big im's :(
my $promisc = 1; # promisc of course
my $timeout = 0; # timeout
 
# file.pcap?
if ($opts{r}) {
  print "reading from '$opts{r}'\n";
  $pcap = Net::Pcap::open_offline($opts{r}, \$err);
  if (!($pcap)) {
   die("error opening $opts{r} ($err)\n");
      }
} else {
 
  # set dev from cmdline
  $dev = $opts{i};
  print "dumping on '$opts{i}'\n";
 
  # get netmask for filter
  if ((Net::Pcap::lookupnet($dev, \$net, \$mask, \$err)) == -1 ) {
          die ("Net::Pcap::lookupnet failed ($err)\n");
      }
 
  # open it
  $pcap = Net::Pcap::open_live($dev, $snaplen, $promisc, $timeout, \$err);
  if (!($pcap)) {
   die ("can't create packet fd ($err)\n");
  }
}
 
# sanity check
if (!($pcap)) {
  die ("sanity check failed - \$pcap null\n");
} elsif (!($mask)) {
  $mask = '0'; # for open_offline
}
 
# make filter struct
if (Net::Pcap::compile($pcap, \$filter2, $filter, 1, $mask) != '0') {
   die ("broken filter ($filter)\n");
}
# apply
Net::Pcap::setfilter($pcap, $filter2);
 
return $pcap;
}
 
sub proc_pkt {
 
my($user_data, $hdr, $pkt) = @_;
my ($user,$msg);
 
my $ip_obj = NetPacket::IP->decode(eth_strip($pkt));
#my $ip_obj = NetPacket::IP::strip($pkt);
 
# check if its a message (or a p2p file transfer)
# if your reading this, include 'P2P-Dest:' in your message body to avoid sniffer ;)
if (($ip_obj->{data} !~ /MSG/m) || ($ip_obj->{data} =~ /P2P-Dest:/m)) {
  ;
} else {
  print $ip_obj->{data};
  # extract goodies
  if ( (($ip_obj->{data} =~ /MSG (.*)\@(.*)/)) || (($ip_obj->{data} =~ /P4-Context: (.*)/)) ) {
   $user = "$1\@$2";
  }
 
  if ($ip_obj->{data} =~ /X-MMS-IM-Format:\s.*\r(.*)/s) { #\s\w+\=\w+\;\s\w+\=\w+\;\s\w+\=\w+\;\s\w+\=\w+\;\s\w+\=\w+\;(.*)/m) {
   $msg = $1;
  }
 
  # display if we have both
  if (($user) || ($msg))
  {
   if(!$user)
   {
    $user = "unknown user";
   }
   if (!($opts{w})) {
    print "\n----------------------------------------------------\n";
    print "src_ip($ip_obj->{src_ip}) dst_ip($ip_obj->{dest_ip})\n";
    print "TO/FROM: $user\nMESSAGE:\n$msg\n";
   } else {
    print FILEOUT "\n----------------------------------------------------\n";
    print FILEOUT "src_ip($ip_obj->{src_ip}) dst_ip($ip_obj->{dest_ip})\n";
    print FILEOUT "TO/FROM: $user\nMESSAGE: \n$msg\n\n";
   }
  }
}
}