Protocol (Using Xniff)

Protocol (Using Xniff) by Spunky on 11-21-2006 at 02:05 AM

I'm trying to detect file transfers using the Xniff OCX, but can only detect the invitation and parts of the file being transferred. It does not seem to be sending the filename or filesize. Am I missing something? I've even tried looking at EVERY message sent during the invitation/sending of a file and not found anything :S Please help? lol


RE: Protocol (Using Xniff) by deAd on 11-21-2006 at 02:06 AM

Maybe check the hypothetic.org docs on file transfers.

EDIT: The name's sent in the invitation as one of the little parameter thingies, under "Application-File". Filesize is under "Application-Size". (note that this is not extremely up to date, there may have been changes but it is likely to be the same or very similar)

Example invitation:

code:
>>> MSG 12 N 294
    MIME-Version: 1.0
    Content-Type: text/x-msmsgsinvite; charset=UTF-8
   
    Application-Name: File Transfer
    Application-GUID: {5D3E02AB-6190-11d3-BBBB-00C04F795683}
    Invitation-Command: INVITE
    Invitation-Cookie: 85366
    Application-File: Autoexec.bat
    Application-FileSize: 187
    Connectivity: N
Source: Hypothetic Documentation


RE: Protocol (Using Xniff) by Spunky on 11-21-2006 at 10:18 AM

I looked at the Hypothetic website before posting as I wanted as little "forum help" as possible (wanted to try something on my own for once) ;) However, upon looking through the code for File Transfers, it states information that simply does not appear to be sent in that message. I don't get any info regarding the filename or filesize


RE: Protocol (Using Xniff) by Eljay on 11-21-2006 at 10:26 AM

quote:
Originally posted by SpunkyLoveMuff
I looked at the Hypothetic website before posting as I wanted as little "forum help" as possible (wanted to try something on my own for once) ;) However, upon looking through the code for File Transfers, it states information that simply does not appear to be sent in that message. I don't get any info regarding the filename or filesize

It's the Context: part of the invite message that is the filename (probably ends in a long string of A's), you just need to base64 decode it.


RE: Protocol (Using Xniff) by Spunky on 11-21-2006 at 02:16 PM

Right, I've spent some time today looking at base64 encoding and decoding and not been able to find a way to retrieve the name of the file being sent. If I decoded it using a web site, it would have weird symbols at the start of the file name (at first it says it's an invalid length to be decoded) so I trimmed the symbols off by removing some of the encoded string.

I tried using a dll to decode it, but the sample code given was written for VB and I had a hard time translating it to JScript. The code I used gave a different result for the same string every time it returned a value... Is there a simple JScript function that could be made to do it?

Also, the file size is the main thing I really want to try and get, so how is it sent? (It must still be sent somehow, as the contact's messenger knows what file size it is.)


RE: Protocol (Using Xniff) by Dempsey on 11-21-2006 at 02:35 PM

quote:
Originally posted by SpunkyLoveMuff
Right, I've spent some time today looking at base64 encoding and decoding and not been able to find a way to retrieve the name of the file being sent. If I decoded it using a web site, it would have weird symbols at the start of the file name (at first it says it's an invalid length to be decoded) so I trimmed the symbols off by removing some of the encoded string.

The FileName isn't the whole of the Context: section, it's only bytes 19 to 639.

Read More:  Context field of P2P File Transfers (MSWord)
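
Added example, not part of the original thread and not Eljay's script: a Node.js parser that handles both invite styles discussed above, the plain Application-File / Application-FileSize fields and the base64 Context field, whose leading bytes are binary fields rather than text (the "weird symbols" before the name). The byte offsets (file size at 8, name at 20, 0-based), the 574-byte sample and all function names are assumptions for illustration and are not taken from the thread.

```javascript
// Assumed layout of the decoded Context blob (an assumption, not stated in the thread):
//   0 uint32 LE header length | 4 uint32 LE version | 8 uint64 LE file size
//   16 uint32 LE type | 20 UTF-16LE file name, NUL padded (up to 520 bytes)
const NAME_OFFSET = 20, NAME_BYTES = 520;

// Decode a base64 Context value into { fileSize, name }.
function decodeContext(b64) {
  // Drop whitespace; Buffer.from() accepts base64 with missing '=' padding.
  const buf = Buffer.from(String(b64).replace(/\s+/g, ''), 'base64');
  if (buf.length < NAME_OFFSET + 2) {
    throw new RangeError('Context too short: ' + buf.length + ' bytes');
  }
  const end = Math.min(buf.length, NAME_OFFSET + NAME_BYTES);
  let name = '';
  for (let i = NAME_OFFSET; i + 1 < end; i += 2) {
    const unit = buf.readUInt16LE(i);
    if (unit === 0) break; // NUL padding starts (base64 shows it as runs of 'A')
    name += String.fromCharCode(unit);
  }
  // The name is supplied by the remote peer: neutralise control characters and
  // path separators before it is logged or displayed.
  name = name.replace(/[\u0000-\u001f\\\/:]/g, '_');
  return { fileSize: Number(buf.readBigUInt64LE(8)), name };
}

// Accept either invite style: plain Application-File / Application-FileSize
// fields, or a base64 Context field.
function parseInvite(body) {
  const fields = {};
  for (const line of body.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z-]+):\s*(.*?)\s*$/.exec(line);
    if (m) fields[m[1].toLowerCase()] = m[2];
  }
  if (fields['context']) return decodeContext(fields['context']);
  if (!fields['application-file']) return null; // not a file-transfer invite
  return { fileSize: Number(fields['application-filesize']), name: fields['application-file'] };
}

// Constructed sample input (not captured traffic): a 574-byte Context blob.
function buildSampleContext(name, size) {
  const buf = Buffer.alloc(574);
  buf.writeUInt32LE(buf.length, 0);
  buf.writeBigUInt64LE(BigInt(size), 8);
  buf.write(name, NAME_OFFSET, 'utf16le');
  return buf.toString('base64');
}

console.log(parseInvite('Context: ' + buildSampleContext('Autoexec.bat', 187)));
```
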


RE: Protocol (Using Xniff) by CookieRevised on 11-21-2006 at 02:39 PM

May I also note that you won't be able to detect all file transfers like that with Xniff. The protocol has changed a lot in places since what has been written on Hypothetic.

eg: Here, when sniffing all incoming and outgoing packets from the switchboard with Xniff, it detects absolutely no protocol msgs like that. The file transfers go directly.


RE: Protocol (Using Xniff) by Dempsey on 11-21-2006 at 02:44 PM

quote:
Originally posted by CookieRevised
eg: Here, when sniffing all incoming and outgoing packets from the switchboard with Xniff, it detects absolutely no protocol msgs like that. The file transfers go directly.

Not sure if you're only looking at port 1463 or whatever it is, but transfers use a different port range.


RE: Protocol (Using Xniff) by CookieRevised on 11-21-2006 at 02:55 PM

quote:
Originally posted by Dempsey
quote:
Originally posted by CookieRevised
eg: Here, when sniffing all incoming and outgoing packets from the switchboard with Xniff, it detects absolutely no protocol msgs like that. The file transfers go directly.
Not sure if you're only looking at port 1463 or whatever it is, but transfers use a different port range.

all ports

(I said Xniff, but actually used a prof. packet sniffer (on all ports))

File transfers depend on many things, it even did back when MSN Messenger 6.2 was the latest version (old post). Now it is way more complicated than just sniffing for that specific MSG message.


RE: Protocol (Using Xniff) by Spunky on 11-21-2006 at 05:17 PM

So is there no way to detect when a file transfer has been initiated (or even just the invitation sent)? The protocol kinda goes over my head, but I wanna learn to interact with it which is why I decided to have a go at this...


RE: Protocol (Using Xniff) by Dempsey on 11-21-2006 at 05:21 PM

quote:
Originally posted by SpunkyLoveMuff
So is there no way to detect when a file transfer has been initiated (or even just the invitation sent)? The protocol kinda goes over my head, but I wanna learn to interact with it which is why I decided to have a go at this...

It's definitely possible, Eljay has been working on it this afternoon and now has it working, just tidying up his code.