0

I would like to monitor the data that gets sent to and from an application running on my computer, to this outside server.

What do you suppose is a suitable application to best perform this process?

bazz

2 Answers

2

Use Wireshark. It monitors all Layer-3 packets that go through your network card.

JosephH
  • So, I suppose along with obtaining this tool, what else should I have to learn to do this effectively? Something... knowledge of packets? How to dissect packets? Erm, something like that, right? Do you think you could point me to a good tutorial (I'll be googling while I ask you this :) ) – bazz Oct 27 '12 at 20:45
  • @bazz sorry for the late reply. Have you found any tutorials yet? What kind of application are you talking about? If the protocol that the application uses is proprietary, you'd probably just have to stick with dissecting TCP packets. Also note that if it uses any kind of proprietary encryption schemes, the data you see in Wireshark is going to be pretty useless. – JosephH Oct 27 '12 at 22:04
  • I am attempting a reverse of Adobe DreamWeaver. I haven't yet concluded if the fix will be in the binary. But I found the concept of faking the server communication to be pretty bad ass. However, I am in the very early stages of this analysis. As much as I would like to learn Wireshark, I might not have to bother with that. I am leaning towards mere logic control being the answer. – bazz Oct 28 '12 at 21:06
  • @bazz Yes, you will find binary patching a lot easier since DW will likely be using SSL when it tries to communicate with its server. Wireshark becomes pretty much useless if you want to sniff the unencrypted data. – JosephH Oct 28 '12 at 21:19
  • @JosephH, I think you meant to say "sniff the encrypted data" – ipatch Jan 26 '13 at 15:42
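Taking the Wireshark answer and the comment thread above one step further, here is an added example (my own, not code from the answer author) of the "dissecting packets" step bazz asked about: walking a captured Ethernet II frame down through the IPv4 and TCP headers to the application payload, which is the per-layer work Wireshark does for you. The frames are constructed inline with zeroed checksums, the MAC addresses, IPs and ports are made up, and the TLS check is a heuristic on the five-byte record header. It illustrates JosephH's point that on an encrypted connection the captured payload is ciphertext; Wireshark can only show plaintext for such a session if it is given the session keys, for example via the SSLKEYLOGFILE mechanism that some TLS stacks support.

```python
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


@dataclass
class TcpSegment:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: int          # 9-bit TCP flag field (0x18 = PSH|ACK)
    payload: bytes      # application data carried by this segment


def parse_ethernet_ipv4_tcp(frame: bytes) -> Optional[TcpSegment]:
    """Dissect one Ethernet II frame down to its TCP payload.

    Returns None for anything that is not IPv4-over-Ethernet carrying TCP,
    or for truncated input. Checksums are not verified here.
    """
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return None

    ip = frame[14:]
    if len(ip) < 20 or (ip[0] >> 4) != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4            # header length including options
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        return None
    if ip[9] != IPPROTO_TCP:
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])

    tcp = ip[ihl:total_len]             # trailing Ethernet padding is dropped
    if len(tcp) < 20:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    return TcpSegment(src_ip, dst_ip, sport, dport, off_flags & 0x1FF, tcp[data_off:])


def looks_like_tls_record(payload: bytes) -> bool:
    """Heuristic: TLS records start with a content type (20-23) and a 0x03xx version."""
    return (len(payload) >= 5 and payload[0] in (20, 21, 22, 23)
            and payload[1] == 3 and payload[2] <= 4)


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample frame for offline testing (checksums left as zero)."""
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1000, 2000,
                          (5 << 12) | 0x018, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64,
                         IPPROTO_TCP, 0,
                         bytes(int(o) for o in src_ip.split(".")),
                         bytes(int(o) for o in dst_ip.split(".")))
    eth_hdr = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + tcp_hdr + payload


# Constructed samples: a cleartext HTTP request and a TLS application-data record.
HTTP_FRAME = build_frame("10.0.0.2", "203.0.113.5", 51234, 80,
                         b"GET /update HTTP/1.1\r\nHost: example.test\r\n\r\n")
TLS_FRAME = build_frame("10.0.0.2", "203.0.113.5", 51235, 443,
                        b"\x17\x03\x03\x00\x10" + bytes(range(16)))


def summarize(frame: bytes) -> str:
    """One line per frame, the way a capture tool's packet list would show it."""
    seg = parse_ethernet_ipv4_tcp(frame)
    if seg is None:
        return "not an IPv4/TCP frame"
    kind = "TLS (ciphertext)" if looks_like_tls_record(seg.payload) else "cleartext"
    return (f"{seg.src_ip}:{seg.src_port} -> {seg.dst_ip}:{seg.dst_port} "
            f"{len(seg.payload)} bytes {kind}")


if __name__ == "__main__":
    for f in (HTTP_FRAME, TLS_FRAME):
        print(summarize(f))
```

To run it against real traffic you would feed it the per-packet bytes from a pcap file rather than the constructed frames; the parser deliberately returns None instead of raising on anything truncated or non-TCP, because a capture from a busy interface is full of ARP, IPv6 and UDP that a quick dissector should simply skip.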
0

In addition to using Wireshark, you could also perform hooking on socket functions, but I am afraid that I can't provide you with any suitable reference or piece of software that lets you do so.

Therefore, I suggest you debug the application, setting breakpoints on the calls to the interesting functions (I mean send(), recv() and the like), or write a DLL - unless you're not running on Windows - that will hook the functions once you've injected it into your running process.

Geoffrey R.
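As an added illustration of the hooking approach in this answer (my own example, not the answer author's code), here is the in-process analogue in Python: a proxy object that sits in front of a real socket and records every send() and recv() the application makes, which is exactly what a breakpoint on those two calls, or an injected DLL that wraps them, gives you in native code. The exchange is constructed over a local socketpair, so the "server" side is just the other end of the pair. One caveat worth knowing before choosing this route: what passes through send()/recv() is whatever the application hands to the socket layer, so if the program uses TLS (as JosephH expects above) these hooks still see ciphertext; for plaintext you would have to break on or hook the TLS library's own read/write functions one layer up.

```python
import socket
from datetime import datetime, timezone
from typing import List, Tuple

LogEntry = Tuple[str, str, bytes]   # (direction, UTC timestamp, data)


class TappedSocket:
    """Proxy around a real socket that records every send()/recv() call.

    Everything not overridden here is forwarded to the wrapped socket, so
    code that was handed this object keeps working unchanged.
    """

    def __init__(self, sock: socket.socket, log: List[LogEntry]):
        self._sock = sock
        self._log = log

    def _record(self, direction: str, data: bytes) -> None:
        stamp = datetime.now(timezone.utc).isoformat(timespec="milliseconds")
        self._log.append((direction, stamp, bytes(data)))

    def send(self, data, flags=0) -> int:
        n = self._sock.send(data, flags)
        self._record("send", data[:n])       # log only what the kernel accepted
        return n

    def sendall(self, data, flags=0) -> None:
        self._sock.sendall(data, flags)
        self._record("send", data)

    def recv(self, bufsize: int, flags=0) -> bytes:
        data = self._sock.recv(bufsize, flags)
        if data:                             # empty bytes means the peer closed
            self._record("recv", data)
        return data

    def __getattr__(self, name):
        return getattr(self._sock, name)


def hexdump_line(data: bytes, width: int = 16) -> str:
    """One-line hex plus printable view, the shape a debugger shows at a breakpoint."""
    chunk = data[:width]
    hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
    asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
    return f"{hexpart}  {asc}"


def demo_exchange() -> Tuple[List[LogEntry], bytes]:
    """Drive a constructed two-way exchange over a local socketpair.

    The 'application' side only ever sees the TappedSocket; the 'server'
    side is the raw peer socket, standing in for the remote endpoint.
    """
    app_end, server_end = socket.socketpair()
    log: List[LogEntry] = []
    app = TappedSocket(app_end, log)
    try:
        app.sendall(b"HELLO version=1.0\n")          # constructed request
        request = server_end.recv(64)
        server_end.sendall(b"OK " + request.split()[1] + b"\n")
        reply = app.recv(64)
    finally:
        app.close()
        server_end.close()
    return log, reply


if __name__ == "__main__":
    entries, _ = demo_exchange()
    for direction, stamp, data in entries:
        print(f"{stamp} {direction:4} {len(data):3}  {hexdump_line(data)}")
```

The log keeps direction, time and the raw bytes separately so it can be replayed or diffed later; the timestamp is what lets you line a hooked call up with the corresponding frame in a Wireshark capture when you use both techniques side by side.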