Jump to content


Photo

Network Traffic Analyzing And Editing Setup


  • Please log in to reply
7 replies to this topic

#1 SoLovely

SoLovely

    X-S Enthusiast

  • Members
  • 21 posts

Posted 17 June 2009 - 06:44 AM

Hello everyone, just doing some experimentation with packets, and I'm trying to find a setup that will allow me to do what I'd like to do. Now, I'm bridging my xbox connection through my laptop already which makes capture cake. A problem comes with editing. Ignoring the packet encryption for now, most places suggest setting up a proxy through my hosts file to get and resend packets to and from my xbox in order to edit packets in transit, but that requires new entries to the hosts file for every IP the xbox interacts with which, apart from being difficult since it contacts over 10 IPs in startup alone, would make it impossible to manipulate packets coming from other players in an online game. Is there any way to use my laptop as a proxy for all traffic coming through the bridged Ethernet port?

#2 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 17 June 2009 - 05:44 PM

What your trying to do have been looked in to many times and its quickly become clear its not worth it due to the way the packets are encrypted and treated by the system.

#3 SoLovely

SoLovely

    X-S Enthusiast

  • Members
  • 21 posts

Posted 18 June 2009 - 03:36 AM

QUOTE(No_Name @ Jun 17 2009, 05:44 PM) View Post

What your trying to do have been looked in to many times and its quickly become clear its not worth it due to the way the packets are encrypted and treated by the system.



I'm quite aware, though they and I were probably doing it for different reasons. Regardless, help would be appreciated.

#4 No_Name

No_Name

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,154 posts

Posted 18 June 2009 - 04:59 AM

QUOTE(SoLovely @ Jun 17 2009, 07:36 PM) View Post

I'm quite aware, though they and I were probably doing it for different reasons. Regardless, help would be appreciated.

The reasons do not matter you still hit the same walls, and more.

#5 SoLovely

SoLovely

    X-S Enthusiast

  • Members
  • 21 posts

Posted 18 June 2009 - 07:41 AM

QUOTE(No_Name @ Jun 18 2009, 04:59 AM) View Post

The reasons do not matter you still hit the same walls, and more.


Honestly, without knowing my motives you can't make any judgment as to the outcome of what I'm trying to do. The kerboros key exchange that sets the encryption key for the entire session and the header checksum on all traffic after the authentication is completed would obviously make it near impossible to 1) find the session's encryption key(which is randomly generated per session) and 2) read(the plaintext version of) or edit any traffic coming through my bridge. If I already know that, why am still pressing forth? Perhaps because my business doesn't involve finding methods to obtain encryption keys or editing packets? Yeah...

Help would still be appreciated, and my question still stands; is there any way to capture, analyze and resend all traffic coming in and leaving from my bridged port? Any if I am doing that(via programming), will the resent packets still be identical to those obtained or will I have to spoof the IP on them so as not to mess up the checksum?(new to programming here, and these questions are just based on logic)

Thanks.

#6 johnyblackout

johnyblackout

    X-S Member

  • Members
  • Pip
  • 87 posts
  • Location:New York
  • Xbox Version:v1.6c
  • 360 version:v4.0 (jasper)

Posted 03 September 2009 - 04:20 AM

I'm probably wrong here but it sounds like a basic man-in-the-middle attack where you want all packets redirected through your laptop. If so you can use cain and abel to do the arp cache poisining and then use ethereal or whatever to analyze the packets.

http://www.oxid.it/cain.html

http://www.wireshark.org/

#7 crashzero

crashzero

    X-S Enthusiast

  • Members
  • 3 posts

Posted 08 November 2009 - 05:34 PM

I have an similar ideia this days, but using a computer as intermediate between xbox 360 and any other connection. Share connection if a computer and using a firewall redirect all connections from xbox 360 to a "server on pc" that make changes on network packages (changing id on the packages and again on the response, or simulate the live responses).

It`s like:
Xbox <-> PC <-> FIREWALL+Server <-> Live

I don't know if is possible to do that but I really think that is a good ideia.

If is possible to simulate live responses by getting them from live by wireshark could be used to map all the live answers and requests from xbox and create a alternative live. (Maybe beacuse the difficult can be just used to unblock the HD use again making the xbox 360 think that is not banned from live).

Other possibilite alterating the packages is change de console id in the requests and respondes making live think that is another xbox 360 (major problem is to create acceptables key).

The encryptation can be the worst problem that make impossible to implement.

Sorry about my english.


#8 majinsoftware

majinsoftware

    X-S Freak

  • Members
  • PipPipPipPipPip
  • 1,416 posts
  • Xbox Version:v1.6b
  • 360 version:v4.0 (jasper)

Posted 11 November 2009 - 11:53 AM

You cant simulate live responses, Since the encryption key is different each time.
The first time the xbox will under stand the stuff.
Next time it will just be rubbish getting sent to it.

Also you cant edit the console id in the packet because yet again the encryption problem.

And to

SoLovely:
Make a basic pass though proxy.
Point your xbox to that with the settings in the dash.

Then everything will have to go though the proxy.
You can get the proxy to do all your filtering and editing.

That would be the simplest way to achieve what you want.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users