Perl MSN Sniffer

Given below is my version of the popular Msndump program. The program published on SecuriTeam is about 150 lines long and supports reading data from a pcap capture file. I was able to reduce it down to about 35 lines without the file reading functions, instead this version just captures live traffic and displays it all on the screen. Use this to capture raw MSN Messenger traffic on your routers. You can also develop your own MSN Messenger spy software using this piece of code; you may copy,modify and redistribute as you wish. This program uses the Net::Pcap and NetPacket modules, and is rather simple to read.

For those of you coming from Mess.be and MSNLocos please note that this script is not the original one I wrote that got published on those websites. There were some changes to the MSN protocol in version 7 and I have decided to leave the message parsing and the regular expressions programming upto you. Most of the visitors are simply looking for a capture script, or just a basic idea on how to listen on MSN conversations using Perl. This is what you are looking for.

[ad]

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/usr/bin/perl -w
 
use strict;
use Net::Pcap;
use NetPacket::Ethernet qw (:strip);
use NetPacket::IP qw (:strip);
use NetPacket::TCP;
 
my %ports;
my $interface = "eth0";
my $pcapfilter = "tcp and port 1863";
 
my $packet = &capturePacket;
Net::Pcap::loop($packet, -1, &parsePacket, 0);
 
sub capturePacket {
my ($error, $filter);
my $capture = Net::Pcap::open_live($interface, 4096, 1, 0, \$error);
if (!($capture)) {
die "Error on $interface:\n $error";
}
else {
print "Capture started on $interface\n";
}
Net::Pcap::compile($capture, \$filter, $pcapfilter, 1, 0);
Net::Pcap::setfilter($capture, $filter);
return $capture;
}
 
sub parsePacket {
my ($address, $header, $packet) = @_;
my $ipdata = NetPacket::IP->decode(eth_strip($packet));
my $content = NetPacket::TCP->decode($ipdata->{data});
print $content->{data};
}
Posted February 12th, 2005 in category code, internet.