Posts Tagged ‘Sniffer’

IntPe9 0.5.0 – all-purpose sniffer included



I just released IntPe9 0.5.0. Proud of the release, I am! But I would love to have some more feedback from users and increase its user base. So spread the word about this packet editor/sniffer. It now has a core, “General winsock”, that will sniff all packets sent by nearly all Windows processes. So try it and see for yourself!!

Download link for IntPe9 0.5.0

IntPe9 0.5.0:
– Two new cores
– IntPe9 now can only run one instance
– Proxy dll system
– Small bug fixes

– First proxy dll that is able to sniff com packets for Stollmann NFCStack+Eva R04

– General winsock sniffer core
– Sniffs send/recv/WSASend/WSARecv/WSASendTo/WSARecvFrom
– Places hooks with IAT by default
– If IAT hooks fail, uses inline hooks (tested on Windows 7 x64)

Remember it is open source so you can write your own cores. If there are any issues with this release please post them here.



Stupid headers!



So I’ve been trying to figure this out and well, it’s not that simple. BUT HEY! That makes it good!

So the decrypting is coming along nicely. With that, I have published all the notes I have in a pastebin. Of course there is a lot of stuff not done yet; I’m having a lot of trouble with the different header sizes, and the main header type flag, or something……

Oh well, it’s a lot of fun. If you need help with decrypting the packets, contact me 😉 I can provide you with some code examples if needed.

Oh ya! One more important point: it seems that the packets are in big-endian form!