Quote Originally Posted by boyboy400
1-In my first question above, when we know that there had been a challenge/responce, does it mean that the hash of password is manipulated with some string? I mean for example if the pass had been 123 and its hash mush be abcdef, yahoo added a string to it and what we have is: "hash=xyzabcdef"? Am I right?
Sounds about right.
2- Was I right about the wireshark? I mean does it have sniffed the hash of his own password (not the hash of someone else)? Because apparently it sniffs the packages(being sent and received) of the computer it's installed on!!
It sure looks that way.

Only God can judge me.
I'm an atheist. God is overrated.