AIM issue

  1. #1
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,229

    AIM issue

    Hey everyone-

    Just a quick and (hopefully) easy 2-part question for everyone-

    1. Is it possible to spoof an AIM screen name?
    2. By what methods?


    I'm trying to assist someone who has received harassing IMs from a user name that apparently doesn't exist...
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  2. #2
    Banned
    Join Date
    Sep 2004
    Posts
    305

    Re: AIM issue

    Originally posted here by 11001001
    Hey everyone-

    Just a quick and (hopefully) easy 2-part question for everyone-

    1. Is it possible to spoof an AIM screen name?
    2. By what methods?


    I'm trying to assist someone who has received harassing IMs from a user name that apparently doesn't exist...
    Umm.. why do you think that the screen name doesn't exist?

  3. #3
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,229
    Good question ;TT (how do you pronounce that anyway? )

    At one point, while the user was actively having a conversation, another co-worker tried to send an IM to the name. A message came up saying "User *ScreenName* is not available."

    If I remember correctly, if the person has selected to screen first IMs from others, you are told that that is what's happening.

  4. #4
    Banned
    Join Date
    Sep 2004
    Posts
    305
    Easily explained... he could've set his privacy mode to block all users not on his buddy list. That way, all he has to do is add you to his buddy list and no one else will be able to see him.

  5. #5
    Senior Member
    Join Date
    Jun 2004
    Posts
    184
    There are programs for cloning I have heard of, but never really anything about spoofing. I know you can block users or all except for buddies as ;TT said...
    Maybe you can search Google for an AIM spoof; I will give it a shot.

    http://www.programurl.com/software/i...-keylogger.htm

    These are some keyloggers; maybe you can sign him on invisible and he will no longer be harassed.
    That is the best I can find. I found nothing on spoofing, and I am not too smart in any of these categories!
    But hoped I helped you out.

  6. #6
    Sounds like ;TT has it with the privacy settings.

    Unless you get creative, I think the only way you could spoof an AIM name / conversation is through a man in the middle attack. AIM talks / listens to AOL's servers, not the individual AIM users, so it would have to receive a spoofed name that came from their server? Unless you exploited the server, I don't think you can spoof a Screen Name, of course unless there is a man in the middle. I don't know of any software that would assist a man in the middle attack with AIM.

  7. #7
    Senior Member deftones12's Avatar
    Join Date
    Jan 2003
    Location
    cali forn i a
    Posts
    333
    Man in the middle attack... couldn't you use like Ethereal to capture them, then just edit the packets to change the name? Then send the packets along the way? My knowledge with packets is almost null, but is there a checksum or anything that you'd have to recreate or resize or anything? I've played with AIM packets before with Ethereal for this purpose and looked at them for fun but never did any spoofing or anything... just captured them and poked around. I could see the plain text and username and all. I think I was trying to intercept the sign on and see if it sends the password in plain text.

  8. #8
    You just sort of described a man in the middle attack. I've never done it myself, nor know of any tools that do... But what I do know is-
    You intercept the traffic, edit it, spit it back onto the network as if it were untouched. There are checksums in TCP packets, but I don't think it matters, you would be recreating the whole packet. AFAIK Ethereal is not a capable tool for a MIM, unless there is a plugin I don't know about.

  9. #9
    Senior Member
    Join Date
    Nov 2003
    Posts
    107
    Hrmm, MiM attacking AIM. Well, I don't know a lot about this, but, I guess I can throw in some stuff. During the AIM login process, you connect to one of several gateway servers (login.oscar.aol.com for most on port 5190, toc.oscar.aol.com on port 9898 for mobile devices usually). These gateways then hand you off to whatever server is available to process your username/password and then you are connected from there. So, to MiM, you'd have to change the settings of where to look for a gateway server. In GAIM, Trillian, and Miranda IM you can do it in the options/preferences. In normal AIM, I'm not sure if it's feasible to try to change where it looks without modding it. So, that's the first challenge.

    The next challenge is setting up an MiM appropriately. All you really need is a way to pass all the 5190 traffic back and forth, which shouldn't be terribly difficult. The fun challenge would be setting up a system to inject data. That way, you could send messages to either person, pretending to be the other (or pretending to be whoever you want to the person that's being MiM'ed).
    Is there a sum of an infinite geometric series? Well, that all depends on what you consider a negligible amount.
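
The post above names the gateways a client contacts first (login.oscar.aol.com on port 5190, toc.oscar.aol.com on port 9898) before being handed off to another server. As an added example, not part of the original thread, this is one way a defender could check flow logs for sign-ons that start at some other host; the log format, the sample records and the 300-second session gap are constructed assumptions.

```python
# Gateways named in the post above; any other first hop of a sign-on is flagged.
EXPECTED_GATEWAYS = {("login.oscar.aol.com", 5190), ("toc.oscar.aol.com", 9898)}
AIM_PORTS = {port for _, port in EXPECTED_GATEWAYS}
SESSION_GAP = 300  # assumed: seconds of silence that mark a new sign-on

# Constructed sample flow log: "epoch_seconds client_ip dst_host dst_port"
SAMPLE_LOG = """\
1000 10.0.0.5 login.oscar.aol.com 5190
1002 10.0.0.5 bos-example-1.invalid 5190
1010 10.0.0.7 gw.rogue.invalid 5190
1012 10.0.0.7 bos-example-2.invalid 5190
1020 10.0.0.9 www.example.com 80
5000 10.0.0.5 10.0.0.66 5190
malformed line
"""

def parse(log):
    """Yield (ts, client, host, port) for well-formed records on AIM ports."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue  # skip lines that do not match the assumed format
        ts, client, port = int(parts[0]), parts[1], int(parts[3])
        host = parts[2].lower().rstrip(".")
        if port in AIM_PORTS:
            yield ts, client, host, port

def unexpected_first_hops(log):
    """Return records where a client's sign-on starts at a non-gateway host.

    Later connections in the same session are the normal hand-off to
    another server and are not flagged.
    """
    last_seen = {}
    findings = []
    for ts, client, host, port in sorted(parse(log)):
        new_session = (client not in last_seen
                       or ts - last_seen[client] > SESSION_GAP)
        last_seen[client] = ts
        if new_session and (host, port) not in EXPECTED_GATEWAYS:
            findings.append((ts, client, host, port))
    return findings

if __name__ == "__main__":
    for finding in unexpected_first_hops(SAMPLE_LOG):
        print("unexpected gateway:", finding)
```

A hostname match only covers a changed gateway setting in the client; it does not tell you whether the name resolved to the expected address.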

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    There are *many* ways to intercept AIM conversations. Some are far more easy than MitM scenarios. There are logging proggies you can plant, you can easily throw a hub up in an office and simply sniff the AIM traffic, etc. You can also use a tool like frag router and happily watch all traffic flow through your box (this does not require a hub).

    As far as screen names that don't exist, this makes no sense. You can easily create 100s of screen names with bogus information. Why would you bother with a spoofed account when there is no real way to link the account to you?

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
