Starting with the whole discussion about window open/close notifiers, with questions to get the contact's font, and some other things people would like to access but can't with the current script engine, I decided to try and create an ActiveX based Packet sniffer.

Warning: if your script uses this, it may become unstable/useless if MSN changes protocol ! So be very carefull!

This allows you to start monitoring packets with a couple of lines of code, and provides easy methods to get what you want, quickly!

It gives you access to only 1 property and 2 methods:
» property IP : string containing the IP you want to listen
» function Start() : start monitoring the choosen IP
» function Stop() : stop monitoring the choosen IP
» function About() : displays a small about box

Examples: (with full commented code)

• Window open/close notifier ( very reliable, only close notifier has a delay of 15/30seconds from the actual close of the window, due to a WLM limitation )
  
• View All MSN packets (usefull to study what packets get sent/received when you do something specific and build your own script)

WOW.
you rock.
this will start a whole new wave of scripts.

Yup nice job

Amazing, we can expect a new breed of scripting arriving I think now people have great examples to work with .

Looks really quite usefull

for anyone wondering how to get the local ip so you know what address to sniff:

code:

---

function getLoaclIp(){
    var wmiObj = new ActiveXObject('WbemScripting.SWbemLocator');
    var wmiInst = wmiObj.ConnectServer('.', "root\\cimv2");
    wmiInst.Security_.ImpersonationLevel = 3;
   
    var col = wmiInst.ExecQuery('Select * from Win32_NetworkAdapterConfiguration');
    var colEnum = new Enumerator(col);
   
    var ipAddr;
   
    for (; !colEnum.atEnd(); colEnum.moveNext()){
        var objIp = colEnum.item();
        var addr = objIp.IPAddress(0);
        if((typeof addr == 'string') && addr.match(/\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/)){
            ipAddr = addr;
        }
    }
   
    return ipAddr;
}

---

Im sure there is a better way to find it, but WMI was the only way i could think of at the time

I believe

code:

---

ws = new ActiveXObject( "MSWinsock.Winsock" );
ipaddress = ws.LocalIP;

---

I don't think everyone can use winsock, there was a thread about that a long time ago

is there any way to have the script do the regsvr32 stuff?

Like stated in the documentation:

code:

---

Example 2
ScriptInfo file used to create a Script Pack. During import, the "ExtraFuncVB.dll" ActiveX will be registered with resvr32.

    <DotNetFiles>
        <FileName>ExtraFuncVB.dll</FileName>
    </DotNetFiles>

---

quote:

---

Originally posted by Pai
I believe

code:

---

ws = new ActiveXObject( "MSWinsock.Winsock" );
ipaddress = ws.LocalIP;

---

is easier, but I made it so that the developer can set what IP to listen because there are people with multiple network adapters.

---

quote:

---

Originally posted by Plik

quote:

---

Originally posted by Pai
I believe

code:

---

ws = new ActiveXObject( "MSWinsock.Winsock" );
ipaddress = ws.LocalIP;

---

is easier, but I made it so that the developer can set what IP to listen because there are people with multiple network adapters.

---

I knew there would be an easyer way envolving winsock -_-

* Plik hides in shame

---

Yes, you're right, MSWinsock has that issue ! Plik code is much more reliable Actually, I used that function in the examples posted.

I've added a couple of full-documented script examples, so you can start there to understand how the ActiveXObject works and study MSN protocol ! If I think of more useful examples to post, I will

Does it work with polygamy? I mean, if you have two msn's open, and someone opens a window, would it tell both OCX's open for both msn's, or just one?

quote:

---

Originally posted by Pai
Starting with the whole discussion about window open/close notifiers, with questions to get the contact's font, and some other things people would like to access but can't with the current script engine, I decided to try and create an ActiveX based Packet sniffer.

---

quote:

---

Originally posted by Pai
Examples: (with full commented code)

• Window open/close notifier (very reliable, only close notifier has a delay of 15/30seconds from the actual close of the window, due to a WLM limitation )

---

quote:

---

Originally posted by Pai
My first idea was to make the ActiveX MSN-only (only capture MSN packets), but then I thought that only one extra line of code (check if comming from MSN port) wouldn't matter if you could monitor the entire network.

---

PS: playing with this I noticed several bugs, in the displaytoast function and in the stripformatcodes function of Plus!

@ nx01rules: yeah it does, it just a normal ActiveXObject, like Scripting.FileSystemObject, you can use them the times you want.

@ CookieRevised: thanks, your opinion is always appreciated
About the open/close notifier, I based that code on my tests, because when I was seeing all the packets and started WLM with my DP changed, a bunch of contacts opened my window simultaneously, and the 0 was there in the 9th parameter; unlike when a user opened my window really (I tested this with my other PC, opening a convo myself), where the 0 would not appear. As this happened every time, I concluded this would be the correct approach ! Also, I based the BYE checker on the online documentation at msnfanatic, which states that when the server closes a conversation the 0 is appended. As it also happened in my tests, I made it like that !

About the ActiveX based port restriction, I hadn't thought of it but is a good idea, because if even the user doesn't set the port it can continue to use the object normally with the current if (port == XX) in the OnData event!

PS: do you mean bugs in my code ? or the plus functions themselves don't work as intended? I didn't notice it in any of my tests

quote:

---

Note: it's OCX because Delphi doesn't allow to create non-visual ActiveX Object (actually it allows, but it would take forever), so I created it visually and then added the flag to make the ActiveX invisible at runtime. So, don't worry about the extension being OCX and not DLL, just register it normally using regsvr32.



How do i register it???   


i am

---

134jumbodude: Put it in the same directory as the script, then run:

regsvr32 "<path>\Xniff.ocx"

And, i just ran it with two messenger's open - they both reported a window opening when I only opened a window on one account - so theres a bug there. Oh and i am curious, what was the method you used to determine which MSN is receiving the BYE packet? It doesn't have anything in it but the person who closed the connection, so it must be a TCP based method, yes?

There isn't a bug, it's just that the ActiveX doesn't distinguish MSN accounts, just packets. So, if you have two messengers, there are two instances of the ActiveX loaded, and both of them receive the packet that was sent and generate the notify. I can't see a method to avoid this, because the ActiveX can't distinguish connections.

I'll try to find something to avoid this, but I can't guarantee

quote:

---

Originally posted by Pai
@ CookieRevised: thanks, your opinion is always appreciated
About the open/close notifier, I based that code on my tests, because when I was seeing all the packets and started WLM with my DP changed, a bunch of contacts opened my window simultaneously, and the 0 was there in the 9th parameter; unlike when a user opened my window really (I tested this with my other PC, opening a convo myself), where the 0 would not appear. As this happened every time, I concluded this would be the correct approach ! Also, I based the BYE checker on the online documentation at msnfanatic, which states that when the server closes a conversation the 0 is appended. As it also happened in my tests, I made it like that !

---

quote:

---

Originally posted by Pai

quote:

---

Originally posted by CookieRevised
PS: playing with this I noticed several bugs, in the displaytoast function and in the stripformatcodes function of Plus!

---

PS: do you mean bugs in my code ? or the plus functions themselves don't work as intended? I didn't notice it in any of my tests

---

Just a small (amateur) question...

Is there any way to edit the packets before they're sent to the server? Instead of just monitoring the packets, I want to know whether it's possible to hold, edit, then release the edited packet so that xniff::OnData works kind of like OnEvent_ChatWndSendMessage.

Any feedback would be great.

It is possible but is far from easy to do (and out of scope of this thread/plugin).

-Not to mention if you're not extremely carefull in what to edit, you most likely will cause syncronization problems when doing so.
-Not to mention you need to know the protocol and how it works in extreme detail in order to edit packets in the proper way.

it is extremely advanced stuff.

quote:

---

Originally posted by Pai
so w00t.Xniff sounded like a good choice

---

I'm having problems with scripts that use the xniff.ocx it seems it is because I have a wireless connection. Does anyone know about this?

quote:

---

Originally posted by Zeh
I'm having problems with scripts that use the xniff.ocx it seems it is because I have a wireless connection. Does anyone know about this?

---

this should help loads in script development

Does anyone know what can be done to resolve the problem with wireless connections?

Great work Pai!

Works just good here

I don't have any problems with the ocx and I'm using wireless...

quote:

---

Originally posted by SpunkyLoveMuff
I don't have any problems with the ocx and I'm using wireless...

---

Maybe if we were able to understand what let's it work in some connections it would be easyer to make it work on all wifi connections.

I was just reading through the whole thread to see if it mentions why it doesn't work on some connections...  What kind of problems have people been experiencing?

quote:

---

Originally posted by SpunkyLoveMuff
I was just reading through the whole thread to see if it mentions why it doesn't work on some connections...  What kind of problems have people been experiencing?

---

The scripts just don't work they give a error message in de debug when the Xniff should be working. If you read this thread you will see some people having problems because they have wireless [align=right]http://shoutbox.menthix.net/showthread.php?tid=65633

quote:

---

Originally posted by Zeh
Maybe if we were able to understand what let's it work in some connections it would be easyer to make it work on all wifi connections.

---

quote:

---

Originally posted by SpunkyLoveMuff
I was just reading through the whole thread to see if it mentions why it doesn't work on some connections...  What kind of problems have people been experiencing?

---

That's the problem. How can we let raw sockets to be made in wireless? Is that driver thing going to let i make raw sockets?

Ok, so I am getting an error

quote:

---

Originally posted by The Debug Window

Script is starting
Error: unknown.
       Line: 1. Code: -2147024770.
Script is now loaded and ready
Function called: OnEvent_Initialize

---

It's what CookieRevised said about the raw sockets. Some wireless conections wont let a raw socket to be opened. I wonder what is diferent in your connection, you seem to be able to use the Xniff right...

I disabled all router firewalls and opened all the ports using DMZ settings if that makes a difference...

My router isn't blocking anything.

Did anyone find out how to get xniff to work with wireless?

Script starts fine, but shows no data in debug window.

Any hints?


edit: I thnk the problem was on getting the IP. After I changed the IP function to that of the second example, it started working.

So whoever gets no error with the script but sees no data, try using the code provided in the first example to get the IP and then sniff everything to exaustion.. like I am.

Thanks!

quote:

---

Originally posted by CookieRevised
When it doesn't work (you get the WSAIoctl error) it means a raw socket couldn't be made which is needed to sniff incomming packets.

---

code:

---

function OnEvent_Initialize(MessengerStart){
    if(Messenger.MyStatus > 0){
        try {
            xniff.Start();
        }catch{
            Debug.Trace('Error in xniff.Start():   '+e);
        }
    }
}

---

There is a big problem when you use Pai's Xniff ActiveX sniffer in your scripts.

As soon as more than 1 script is using the ActiveX, critical problems will occur.

When you close Windows Live Messenger (with or without signing out, that doesn't matter), Messenger Plus! unloads all scripts and stuff. But because of a bug in Xniff (or the way it is compiled?), Windows Live Messenger will actually crash.
This crashing will go unnoticed for most people and it will appear as if Windows Live Messenger closed properly. But if you're a beta tester of Messenger Plus! and are using a debug version of Plus!, you will notice dump files being created as proof of Windows Live Messenger crashing upon closing.

This crashing on its turn makes that several things in Messenger Plus! itself doesn't work properly anymore either, like settings which would normally be saved upon closing Windows Live Messenger will not be saved anymore (eg: positions of the Script Debug Window, Event log, etc). It also is responsible for some other 'reported bugs' in Messenger Plus! Live.

emmm im sort of a noob
can some one tell me whole to create all this
cause it isnt really well said what to do ...

thanks

It is actually very well explained. Only, you need to understand about what it is, aka: you need to have some more than basic knowledge about the stuff.

To put it very bluntly (please don't take this in the wrong way though), if you don't understand what is explained or don't understand what the example scripts do or how they work, it is very well possible this isn't for you (yet)...

ok well...i didn't have any problem before cause it worked well on the 7.5 version but doesnt anymore on the msn live 8.0... version ... i even tried Stuffplug to get this open/close message but thosent work either.

anyways...i have to start learning somewhere ...right?
thanks anyways if you dont want to help out

Its not that we dont want to help out its a simple fact that if you dont understand the general concept it will be next to impossible to explain it. "You need to learn to walk before you can run."

And an open/close conversation notifier isn't secure because a lot of things in this protocol is called a "session"; opening conversations, changing your dp and your contact downloading it, etc are sessions so any of these will trigger your notification of an "opened window"

czakowski, in regards to:

quote:

---

Originally posted by Matty
And an open/close conversation notifier isn't secure because a lot of things in this protocol is called a "session"; opening conversations, changing your dp and your contact downloading it, etc are sessions so any of these will trigger your notification of an "opened window"

---

ok thanks guys

Anyone got Xniff to work with Vista?

I get error 0x80004005 when I try to register it.

Thanks

Is there anyway to packet sniff successfully with messenger plus?

What do you mean?

My Bad... Xsniff dosnt work on wireless (yet).

Works for me...doesn't work for me on vista though.. in XP it worked with my wireless.

Odd.. Dosnt work for me on my wireless, runnen XP pro. I manualy registed the file aswell.

Read the entire thread. It is stated and explained before that the OS doesn't have anything todo with it. It depends on what kind of drivers your network card is using.

Sorry, just read it all when I was coming down to this post.
Ethereal has a setting to capture packets in promiscuous mode. Did some searching and found this this.

Possible to enable it with xsniff?

this script not worked ;/
in my pc was installed
WLM 8.1
Messenger Plus 4.7
I installed successfully o script in example (converted to .plsc in winrar, inclued the xniff.ocx), but  not appear the contact window that opened me =//

How to successfully run the script?

helpp
tkss