Sniffing packets of a software is one of the reverse engineering method to find out what data is being sent and received. Packet sniffing is mostly done by more advanced users and most of the time, hackers themselves. Many years ago when I was in the 8th-wonder team, our leader of the clan ad4 used packet sniffer and discovered that anyone can change a person’s ICQ details without logging in to that user account. He created a simple tool which is able to change the details of any ICQ account, unfortunately one of the clan member masta abused the tool and ICQ found out about that exploit and fixed it within 24 hours.
Other than that, it is also useful to check if a program is harvesting any sensitive data from your computer. If you do not have a firewall, you wouldn’t know if the program that you installed is connecting to the Internet or not. The most popular packet sniffer that is free today is Wireshare (last time was called Ethereal), but I’d like to introduce a different one called oSpy which has the capability of even decrypting encrypted SSL packets.
oSpy is a packet sniffing tool which aids in reverse-engineering software running on the Windows platform. The sniffing is done on the API level which allows a much more fine-grained view of what’s going on. Seeing return-addresses for each recv/send call (for example), can prove useful when you want to look at the processing code at that spot in a debugger or static analysis tool. And if an application uses encrypted communication it’s easy to intercept these calls as well. oSpy already intercepts one such API, and is the API used by MSN Messenger, Google Talk, etc. for encrypting/decrypting HTTPS data.
Another neat feature is when wanting to see how an application behaves when in a firewalled environment. Normally you would have to simulate such an environment by configuring firewalls etc., which not only is time-consuming, but might also cripple the rest of the applications you’ve got running. oSpy solves this problem by a feature called softwalling which allows you to set rules based on the type of function-call, the return-address, local/remote address/port, etc., and lets you choose which error to signal back to the application when the rule matches. This way you can make the application think that for example a connect() timed out, connection was refused, there was no route to host, etc.
Here is a simple test on how oSpy decrypts the SSL packet and display it in clear text.
1. I opened Maybank2u login webpage which has SSL.
2. I attached iexplorer.exe process to oSpy and start capturing the packets. Press F5 in oSpy, chose iexplorer.exe and click Start to start capturing packets on Internet Explorer.
3. I typed the username and password on the Maybank2u login page and click the login button.
4. oSpy shows the username and password that I typed in clear text!
I’ve tried capturing the packets using Wireshark but it only shows the encrypted data and nothing about the username and login even though all the protocols are enabled. The above is only one example of what you can do with oSpy and there are many other reasons to use this tool. What I like about oSpy is its portable, you don’t need to install WinPcap like most packet sniffer requires, small and it’s free!
There’s an annoying bug with oSpy which is if you do not terminate the program properly, you won’t be able to use it to capture packets on any process. It will ask you run a few gacutil commands in command prompt to cleanup the left-over .NET assemblies in your system-wide Global Assembly Cache. For gacutil to work, you will need to download and install .NET Framework SDK or Visual Studio. This might be fixed in the future versions…
[ Download oSpy ]
New & Update
About Me
Spying Windows Software by Sniffing and Decoding Packets including SSL with oSpy
Pingdom Offers Free Account With 20 SMS to Monitor One Website Every Minute
I’ve been using Pingdom for at least 3 years already because they provide really good service and also the 1 minute checks from locations all over the world. I used to have problems sending SMS as notification and Pingdom’s support team fixed the problem really quick plus they even compensated more SMS credits to my account. I’ve always been using the Basic account because that is the cheapest plan they had back then. It’s pretty much a waste since I only have one blog site to monitor when the basic account offers checks on 5 websites.
My Pingdom account has just expired end of February and was billed $119.40 for a new invoice. I’ve just paid few thousand dollars for a years’ dedicated server at NetDepot and is really feeling the pinch for fork out another hundred bucks for a monitoring service. Moreover Adsense has stopped serving ads to this website and the revenue that is generated from other advertising companies is barely enough to cover the cost of this server. So I canceled my Pingdom account temporarily and thought that maybe I will re-sign up again at a later time when I have enough funds. To my surprise I found out that Pingdom has started offering FREE accounts along with 20 SMS but limited to only monitor ONE website. Pingdom Free account is fine with me because I only have 1 website to monitor and can save money.
What I like about Pingdom is the control panel is easy to use and understand and most importantly it does 1 minute checks from different locations around the world. For me, I set Pingdom to check for a certain keyword on my blog site every minute and only notify me via SMS and email if detected 11 consecutive check errors (10 minutes).
Other than checking for downtimes, Pingdom can also check how responsive is your website. Even if you only have FTP or mail server, Pingdom can check TCP ports (21 for FTP) and also SMTP, POP3, IMAP. The TCP port check makes it possible to check nearly everything including a game server such as Counter-Strike that is normally on port 27015.
The important requirement to keep your free Pingdom account alive is to log in to the Pingdom control panel at least once every 90 days. If you’re not good at remembering things, the easiest way is to install a free app by Pingdom called Pingdom Desktop Notifier that runs in the background and notifies you if your website is down. This application connects to your control panel so you can get more information about an outage and access more Pingdom features such as our various reports.
If you think about it, you can register 5 free accounts and you’re able to monitor 5 websites. It’s doable but it’s wrong under Pingdom’s terms of service. One of the terms is “Only one free account per person or legal entity is allowed“. If they catch you using two or more free accounts, you will risk your accounts being terminated. Blacklisting your account is fine because you can always use a new email address and contact information, just don’t blacklist the IP or website that you want to monitor…
So far I can’t find any better free uptime monitoring service than Pingdom. Sign up FREE Pingdom account from this link.
