

Sniffing the Unsniffable on Windows - markgamache
http://markgamache.blogspot.com/2009/06/sniffing-unsniffable.html

======
est
Alternatively, if you want a SYSTEM-privileged cmd.exe on Windows XP (not on
Vista, sorry) and you don't have Sysinternals' psexec, you can try this:

    C:\> time /t
     9:42
    C:\> at 9:43 /interactive cmd

Then at 9:43 a cmd.exe shell pops up.

And HTTPAnalyzer could sniff HTTPS traffic easily. It's DLL injection and it
can un-gzip data.

~~~
markgamache
AT no longer allows running as local system.

HTTPAnalyzer is great for HTTPS, but not pure SSL, such as LDAPS, in the
example.

------
joshu
"sniffing the unsniffable" sounds way more racy than it ought to.

------
FahnRobier
stunnel is also a nice way to debug ssl connections when you only control one
side of the connection: <http://www.stunnel.org/examples/>

As a client, you would stunnel local:389 to remote:636. As a server you would
stunnel local:636 to local:389.

Then you can sniff on the unencrypted port with Wireshark, etc.

Thanks for the pointer to detours.
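
The two setups described above, written out as stunnel config files. This is an example added here, not code from the comment or from the stunnel site; the server name, the certificate and CA paths, and the choice of 389 as the plaintext port are assumptions.

```ini
; ===== File 1: client-side tap (runs on the host with the LDAP application) =====
; The application is configured for plain LDAP on 127.0.0.1:389 instead of
; LDAPS. stunnel wraps that leg in TLS and forwards it to the real LDAPS
; server, so Wireshark on the loopback interface sees cleartext LDAP on 389.
foreground = yes
debug = 5

[ldap-to-ldaps]
client = yes
; bind loopback only: everything on this leg is cleartext
accept = 127.0.0.1:389
; assumed name of the LDAPS server you do not control
connect = ldap.example.com:636
; keep validating the server certificate so the tap does not weaken the client
; (assumed path to the CA that issued the server certificate)
CAfile = /etc/stunnel/ca.pem
verify = 2

; ===== File 2: server-side tap (runs on the LDAPS server host) =====
; The directory service is reconfigured to listen for plain LDAP on
; 127.0.0.1:389 only; stunnel terminates TLS on 636 and hands the cleartext
; to it over loopback, which is where the capture is taken.
foreground = yes
debug = 5

[ldaps-to-ldap]
; assumed paths to the server certificate and private key
cert = /etc/stunnel/ldap-server.pem
key = /etc/stunnel/ldap-server.key
accept = 0.0.0.0:636
; loopback only: the plaintext service must not be reachable from the network
connect = 127.0.0.1:389
```

Run each file on its own host with `stunnel <file>` and capture on the loopback interface; on Windows that needs a capture driver with loopback support (WinPcap of that era had none, Npcap does).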

------
rawr
I am very pleased to see a legitimate post about hacking on Hacker News. Well
played, sir.

I have similar feelings about Detours. Microsoft Research is in their own
little world sometimes.

~~~
daeken
On the subject of Detours, I suggest checking out EasyHook:
<http://www.codeplex.com/easyhook>

It's under a free license, lets you write hooks not only from C/C++, but also
from any .NET language (architecture-independent). It makes any sort of API
hooking a breeze.

Edit: Forgot to mention, it automatically sets up a remoting channel for you.
That way, you can do IPC between your hooking application and the hookee
trivially.

