AIM issue

[11001001]

Hey everyone-

Just a quick and (hopefully) easy 2-part question for everyone-

1. Is it possible to spoof an AIM screen name?
2. By what methods?


I'm trying to assist someone who has received harrassing IMs from a user name that apparently doesn't exist...

[;TT]

Originally posted here by 11001001
Hey everyone-

Just a quick and (hopefully) easy 2-part question for everyone-

1. Is it possible to spoof an AIM screen name?
2. By what methods?


I'm trying to assist someone who has received harrassing IMs from a user name that apparently doesn't exist...

Umm.. why do you think that the screen name doesn't exisit?

[11001001]

Good question ;TT (how do you pronounce that anyway? )

At one point, while the user was actively having a conversation, another co-worker tried to send an IM to the name. A message came up saying "User *ScreenName* is not available."

If I remember correctly, if the person has selected to screen first IMs from others, you are told that that is what's happening.

[;TT]

Easily explained... he could've set his privacy mode to block all users not on his buddy list. That way, all he has to do is add you to his buddy list and no one else will be able to see him.

[jr05linux]

There are programs for cloning i have heard of but never really anything about spoofing. I know you can block users or all except for buddies as ;TT said...
Maby you can search google for an aim spoof i will give it a shot.

http://www.programurl.com/software/i...-keylogger.htm

these are some keyloggers maby you can sign him on invisible and he will no loinger be harrassed.
That is best i can find i found nothing on spoofing and i am not to smart in any of these catagories!
But hoped i helped you out.

[Soda_Popinsky]

Sounds like ;TT has it with the privacy settings.

Unless you get creative, I think the only way you could spoof a AIM name / conversation is through a man in the middle attack. AIM talks / listens to AOL's servers, not the indivdual AIM users, so it would have to receive a spoofed name that came from their server? Unless you exploited the server, I don't think you can spoof a Screen Name, of course unless there is a man in the middle. I don't know of any software that would assist a man in the middle attack with AIM.

[deftones12]

man in the middle attack...couldnt you use like ethereal to capture them then just edit the packets to change the name? then send the packets along the way? my knowledge with packets is almost null but is there a checksum or anything that you'd have to recreate or resize or anything? i've played with AIM packets before with ethereal for this purpose and looked at them for fun but never did any spoofing or anything...just captured at them and poked around. i could see the plain text and username and all. i think i was tryin to intercept the sign on and see if it send the password in plain text.

[Soda_Popinsky]

You just sort of described a man in the middle attack. I've never done it myself, nor know of any tools that do... But what I do know is-
You intercept the traffic, edit it, spit it back onto the network as if it were untouched. There are checksums in TCP packets, but I don't think it matters, you would be recreating the whole packet. AFAIK Ethereal is not a capable tool for a MIM, unless there is a plugin I don't know about.

[FlamingRain]

Hrmm, MiM attacking AIM. Well, I don't know a lot about this, but, I guess I can throw in some stuff. During the AIM login process, you connect to one of several gateway servers (login.oscar.aol.com for most on port 5190, toc.oscar.aol.com on port 9898 for mobile devices usually). These gateways then hand you off to whatever server is available to process your username/password and then you are connected from there. So, to MiM, you'd have to change the settings of where to look for a gateway server. In GAIM, Trillian, and Miranda IM you can do it in the options/preferences. In normal AIM, I'm not sure if it's feasible to try to change where it looks without modding it. So, that's the first challenge.

The next challenge is setting up an MiM appropriately. All you really need is a way to pass all the 5190 traffic back and forth, which shouldn't be terribly difficult. The fun challenge would be setting up a system to inject data. That way, you could send messages to either person, pretending to be the other (or pretending to be whoever you want to the person that's being MiM'ed).

[thehorse13]

There are *many* ways to intercept AIM conversations. Some are far more easy than MitM scenarios. There are logging proggies you can plant, you can easily throw a hub up in an office and simply sniff the AIM traffic, etc. You can also use a tool like frag router and happily watch all traffic flow through your box (this does not require a hub).

As far as screen names that don't exist, this makes no sense. You can easily create 100s of screen names with bogus information. Why would you bother with a spoofed account when there is no real way to link the account to you.

--TH13