Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Tapping a Skype PC-PC call...
Posted by: istari
Date: April 20, 2008 04:04PM

Hi! I was wondering if anyone here knows of a way to listen in on a Skype conversation taking place on a LAN. You can assume one of the ends of the call is on a compromised LAN, where the attacker has full access to the router...

Thanks in advance ;-)



Edited 1 time(s). Last edit at 04/20/2008 04:04PM by istari.

Options: ReplyQuote
Re: Tapping a Skype PC-PC call...
Posted by: Malkav
Date: April 20, 2008 07:06PM

AFAIK, skype is still a black box. the paper "a silver needle in the skype" has made great advances on mapping the software, but it is totally non standard in its every single way of functionning. if you are aware of progress i'd be more than happy to hear about it.

i have started to work on a full featured VoIP auditing suite (i have found no tools really adapted 1 : to field work, 2 : covering a large attack surface) it currently supports SIP and H323, and i am thinking of implementing several of the ideas in the aforementioned paper, but without real interception capability, it will be limited to building a network of rogue skype nodes using the main network supernodes (and that would imply using a skype binary in my code. that i refuse, of course

----------------------------------------------------------------------------------------------------------------

Those that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.
--Benjamin Franklin

Options: ReplyQuote
Re: Tapping a Skype PC-PC call...
Posted by: istari
Date: April 21, 2008 09:04PM

Oh my, I didn't know that Skype was so well protected! I was hoping someone had come up with a way to detect and capture Skype traffic and "replay" it on the attacker's end. Apparently this is far from possible, at least until someone finds the source code floating around on the wrong server ;-)

By the way, the paper you mention is really interesting. It is obviously a huge step towards understanding Skype, although in terms of reverse engeneering in the end we're still behind what we'd be with a normal application.

Anyway, good luck with your auditing suite! I'd offer my help, but I'm only starting to get interested by VoIP, so I'd be pretty useless :D

Options: ReplyQuote


Sorry, only registered users may post in this forum.