Search - "wireshark"
-
I feel like a fucking abomination at the moment.
I have been working on an app that is almost like Wireshark. More so for practice than anything else.
I decided that today I would try it out on the network here at my house, so I started the packet sniffer and wanted to see what was going on. I was checking for unencrypted text (like telnet and whatnot) and came across this odd address that I hadn't seen before.
I did something that I shouldn't have done, and I fucking clicked and did the equivalent of "follow TCP stream" on wireshark. I fucking went and looked what the text being sent over this fucking network was.
It was my girlfriend, using fuck knows what messenger, but it was unencrypted. I just found out that she is cheating on me. I don't want to go into what the texts exactly say, because it fucking hurts me deep down.
Why didn't she just use whatsapp or something, fuck man. I really don't need this in life at the moment. I am genuinely trying to get my shit in order, I have been coding my ass off at night for extra money to make it, I have been working overtime where I can - fuck I have even tried sucking up to management (I would never do this under normal circumstances) - and to top this off, the motherfucking tax man is giving me hell.
Fuck sakes.
If you want to cheat, fucking do it properly. Because I am in a state of pure sadness and hatred at the moment - and I don't know what the fuck to do.
-
Wiire-Shark Doo doo doo doo doo
Eating our internet Doo doo doo dooo doo
Why you do this? Doo doo doo doo doo doo
Wireshark.
-
Some fucker installed a keylogger on my Ubuntu laptop at home and registered it as a systemd service. From Wireshark, it's sending each keystroke to a server in France using irc. Tried accessing the server but the moron shut it down immediately. It's the last time I'm fucking installing code from prebuilt binaries. If I can't build it from source then fuck off, you sniffing cunt. I was about to log in into a database from that machine.
UPDATE: I found the actual file sending the keystrokes but it's binary. Anyone know how I can decode a binary file?
-
I still miss my college days. Our crappy IT Dept restricted internet usage on campus. Each student used to get 10 GB of internet data and they used Cyberoam for login (without HTTPS). 10 GB was so little (at least for me).
Now, thanks to CS50, I learned that HTTP was not secure and somehow you can access login credentials. I spent a night figuring things out and then bam!! Wireshark!!!!
I went to the Central Library and connected using Wireshark. Within a matter of minutes, I got more than 30 user ids and passwords. One of them belonged to a Professor. And guess what, it had unlimited data usage with multiple logins. I felt like I was a millionaire. On my farewell, I calculated how much data I used. It was in TBs.
Lesson: Always secure your URLs.
-
Yesterday the web site started logging an exception “A task was canceled” when making a http call using the .Net HTTPClient class (site calling a REST service).
Emails back n’ forth ..blaming the database…blaming the network..then a senior web developer blamed the logging (the system I’m responsible for).
Under the hood, the logger is sending the exception data to another REST service (which sends emails, generates reports etc.), so I had to quickly re-direct the discussion because if we're seeing the exception email, the logging didn't cause the exception, it's just reporting it. Felt a little sad having to explain it to other IT professionals, but everyone seemed to agree and focused on the server resources.
Last night I get a call about the exceptions occurring again in much larger numbers (from 100 to over 5,000 within a few minutes). I log in, add myself to the large skype group chat going on just to catch the same senior web developer say …
“Here is the APM data that shows logging is causing the http tasks to get canceled.”
FRACK!
Me: “No, that data just shows the logging http traffic of the exception. The exception is occurring before any logging is executed. The task is either being canceled due to a network time out or IIS is running out of threads. The web site is failing to execute the http call to the REST service.”
Several other devs, DBAs, and network admins agree.
The errors only lasted a couple of minutes (exactly 2 minutes, which seemed odd), so everyone agrees to dig into the data further in the morning.
This morning I login to my computer to discover the error(s) occurred again at 6:20AM and an email from the senior web developer saying we (my mgr, her mgr, network admins, DBAs, etc) need to discuss changes to the logging system to prevent this problem from negatively affecting the customer experience...blah blah blah.
FRACKing female dog!
Good news is we never had the meeting. When the senior web dev manager came in, he cancelled the meeting.
Turned out to be a hiccup in a domain controller causing the servers to lose their connection to each other for 2 minutes (1-minute timeout, 1 minute to fully re-sync). The exact two-minute burst of errors explained (and proven via wireshark).
People and their petty office politics piss me off.
-
Had a discussion with a developer about security. His software transfers all user data (password and files) unencrypted, so anyone can grab them with wireshark. I told him that this is a severe issue. He said no, it's no problem because if you get hacked it's your own fault, because you probably used an insecure network. NO ! YOU FUCKING MALADJUSTED SHEEP-MOLESTING OBJECT OF EXECRATION, YOU SHOULD ALWAYS ENCRYPT SENSITIVE USERDATA NO MATTER WHAT NETWORK YOU USE. FUCKING KILL ME ALREADY.
Not implementing encryption is one thing but then acting like it's no problem is a fucking nother one. Why do people not understand that security of userdata is important???
-
You write code.
A strange issue prevents you from proceeding further.
Try one fix. Fails.
Try another Fix. Fails.
...
Try fix #28. Fails.
You decide to ask for help in the support forum.
You start writing your post, mentioning everything you've tried so far. You feel your social anxiety and fear the humiliation of being told "because you didn't try X, you idiot". Then you come up with an idea for fix #29.
(fix #29 normally involves Wireshark or similar low-level inspection tool)
Try fix #29. It succeeds :)
-
I was learning about packets and I was trying pirni (like Wireshark for iPhone) on my local network. I found a packet of my roommate about a recipe for a fancy dish
me: *enters the kitchen* Bro you need to see this I got this sick recipe of $fancyDish that I really wanna try
le roommate: THERE'S NO WAY ARE YOU FREAKING KIDDING
I know it's wrong to spy on people's traffic but it was worth it hahaha
-
A huge new hospital opened up.
it looks very modern and nice, lots of new doctors and facilities.. but..
Why is everything wireless?!
everything's connected to different APs across the hospital!
Receptionist's pc? has a wifi adaptor sticking out to the side.
in-patient's smart tvs? Wireless, connected to their own ap
etc etc.
conveniently enough, the SSIDs were labeled with where they were being used and didn't bother to hide it
"Office A" "Smart TVs" "DB".
now I'm not saying wireless is bad, it's convenient! but why make everything in the building connect wirelessly.
any kid who's feeling naughty could do:
aireplay-ng -0 0 [BSSID] wlan[#]
and it's good bye connectivity.
or maybe flip put wireshark or any kind of sniffer.
I don't wanna have to come here for surgery only to find out the machine's wireless too.
imagine it stopping halfway through your surgery.. Yikes..
-
I broke into a hotel's WiFi. So here's the setup
They have a main router (TP-Link) which they use for official purposes then they connected the main router to a MikroTik router for guests.
I got a glimpse of the software they use for accommodation, billing etc. It runs on php stack maybe MySQL too and some ip can't remember now. I can use wireshark to sniff the packets. Basically should I tell the office of this hotel about the security? Or just let it go.
P.S: Guys you know I'm visiting my gf but I've got some time for myself as she had something to do. So you know I'm not using my laptop when I'm with her.
-
Right, I've been here before.
Our app requires an internet connection, and one of our clients wants to roll it out on a strictly managed network.
We told them which addresses our app communicates with and their network team opened them up for traffic. Should work, right?
Nope, doesn't work.
So I request them to use Fiddler to do some debugging of the network traffic, and lo and behold, it does work when Fiddler is active.
One important detail is that Fiddler uses its own SSL certificate to debug HTTPS communications. I've had moments where expired certificates were the cause of things not working and running Fiddler "fixes" this because of their own certificate.
So I point this out in numerous mails to their network team, every time I get a response saying "nah, that can't be it".
I keep insisting "I have had this before, please check if any installed Root CA Certificates are expired"
At this point I'm certain they have updates turned off on these machines, and their certificates must not have been updated for a long time.
At one point they come back to me. "Hey, when Fiddler is off, WireShark shows the app communicating with ICMP calls, but when it's on it shows HTTP calls instead".
...YOU'RE THE SUPPOSED NETWORK EXPERTS?! You think data can be sent via ICMP? Do you even know what ICMP is? Of course you'll see ICMP calls when the network is rejecting the packets instead of HTTP calls when everything's fine.
(ICMP is used to communicate errors)
I'm trying to keep my patience with these guys until they find exactly what's wrong because even I am somewhat grasping at straws right now. But things like this make me doubt their expertise...
-
I was looking around to do some stuff with wireshark and I stumbled across a forum question from 2012 in which someone actually replied with the people from the future in mind.
God bless you shearn89 🫡
You're a real one
And to those that reply "I found the solution thx" and don't post it: eat a dick
-
TLDR: Found a website that requires a subscription but doesn't check their cookies' integrity, now I'm on a website for free.
>be me
>wonder if it's possible to intercept browser data
>download Wireshark
>download Fiddler
>find that none of these really fit me
>go to youtube, search how to intercept POST data
>find something called BurpSuite
>Totally what I was looking for
>start testing BurpSuite on devrant
>neat!
>I can see all the data that's being passed around
>wonder if I can use it on a website where my subscription recently ended.
>try changing my details without actually inputting anything into the website's form
>send the data to the server
>refresh the page
>it worked
>NEAT!
>Huh what's this?
>A uid
>must be a userID
>increment it by 1 and change some more details
>refresh the page
>...
>didn't work 😐
>Hmmm, let's try forwarding the data to the browser after incrementing the uid
>OH SHIT
>can see the details of a different user
>except I see his details are the details I had entered previously
>begin incrementing and decrementing the uid
>INFINITE POWER
>realize that the uid is hooked up to my browser's local cookie
>can see every user's details just by changing my cookie's uid
>Wonder if it's possible to make the uid persistent without having to enter it in every time
>look up cookie manipulator
>plug-in exists
>go back to website
>examine current uid
>it's my uid
>change it to a different number
>refresh the webpage
>IT FUCKING WORKED
>MFW I realize this website doesn't check for cookie integrity
>MFW I wonder if there are other websites that are this fucking lazy!!!
>MFW they won't fix it because it would require extra work.
>MFuckingFW they tell me not to do it again in the future
>realize that since they aren't going to fix it I'll just put myself on another person's subscription.
-
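The integrity check the site in the rant above was missing, as an added example that is not the rant author's code or any real site's: a lookup that trusts a bare `uid` cookie beside one that verifies an HMAC over the cookie value, so editing the number no longer selects another user's record. The user table, the secret key and the cookie formats are constructed assumptions.

```python
"""Constructed example: why a bare `uid` cookie is an insecure direct object
reference, and how a server-side MAC over the cookie value stops the
increment-the-uid trick.  User table, secret and cookie format are assumed."""
import base64
import hashlib
import hmac
from typing import Optional

# Constructed sample "database": uid -> account details.
USERS = {
    41: {"name": "alice", "plan": "expired"},
    42: {"name": "bob", "plan": "premium"},
}

# Assumption: server-side secret loaded from config, never sent to clients.
SERVER_SECRET = b"constructed-example-key-do-not-reuse"


def vulnerable_lookup(cookies: dict) -> Optional[dict]:
    """The pattern the rant describes: the server trusts whatever uid the
    browser sends, so editing the cookie selects another user's record."""
    uid = int(cookies.get("uid", "0"))
    return USERS.get(uid)


def _tag(payload: bytes) -> str:
    """HMAC-SHA256 over the payload, base64url without padding."""
    mac = hmac.new(SERVER_SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_session(uid: int) -> str:
    """Hardened cookie: '<uid>.<tag>'.  The uid is still readable, but it
    cannot be changed without the server secret."""
    return f"{uid}.{_tag(str(uid).encode())}"


def hardened_lookup(cookies: dict) -> Optional[dict]:
    """Verify the MAC before using the uid.  A forged or edited cookie yields
    None instead of someone else's record; a MAC failure is worth logging,
    because an honest browser never produces one."""
    raw = cookies.get("session", "")
    uid_str, sep, tag = raw.partition(".")
    if not sep or not uid_str.isdigit():
        return None
    # constant-time compare so the tag cannot be guessed byte by byte
    if not hmac.compare_digest(tag, _tag(uid_str.encode())):
        return None
    return USERS.get(int(uid_str))


def tamper_uid(cookie: str, delta: int) -> str:
    """Simulate the edit from the rant: keep the tag, change the number."""
    uid_str, _, tag = cookie.partition(".")
    return f"{int(uid_str) + delta}.{tag}"


if __name__ == "__main__":
    # Vulnerable: user 41 edits the cookie to 42 and reads bob's record.
    print(vulnerable_lookup({"uid": "42"}))
    # Hardened: the same edit fails the MAC check and returns None.
    cookie = issue_session(41)
    print(hardened_lookup({"session": cookie}))
    print(hardened_lookup({"session": tamper_uid(cookie, 1)}))
```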
A few years ago I was in high school and used to have a small reputation of hacking things. I could hack, just would never hack any school networks or systems (reputation + notice that there was a breach is a bad combo since everyone would immediately suspect you).
Anyways one day the network's internet connection went down in the school district and I was the only one who used a laptop to take notes. So I quickly opened the terminal and ran Wireshark and said to the person to my right "see that button there? yeah I programmed this last night. anytime I press it I can shut down the network so the teacher can't reach her files (she famously only saved them online). *Long dramatic press* Wireshark started scanning the network so all the numbers and lines were going crazy as it viewed the packet info "Now just wait", soon the whole class knew what I had done through whispers and lo and behold a few minutes later the teacher couldn't reach her files.
Everyone loved me for the rest of the year for saving them from the homework for the week the wifi network was out since it also ended up having to cancel two tests in the class, and a lot more homework and tests in all their other classes. Solidified my reputation and no one fucked with me from that day on. -
EoS1: This is the continuation of my previous rant, "The Ballad of The Six Witchers and The Undocumented Java Tool". Catch the first part here: https://devrant.com/rants/5009817/...
The Undocumented Java Tool, created by Those Who Came Before to fight the great battles of the past, is a swift beast. It reaches systems unknown and impacts many processes, unbeknownst even to said processes' masters. All from within its lair, a foggy Windows Server swamp of moldy data streams and boggy flows.
One of The Six Witchers, the Wild One, scouted ahead to map the input and output data streams of the Unmapped Data Swamp. Accompanied only by his animal familiars, NetCat and WireShark.
Two others, bold and adventurous, raised their decompiling blades against the Undocumented Java Tool beast itself, to uncover its data processing secrets.
Another of the witchers, of dark complexion and smooth speak, followed the data upstream to find where the fuck the limited excel sheets that feed The Beast come from, since its handlers only know that "every other day a new one appears on this shared active directory location". WTF do people often have NPC-levels of unawareness about their own fucking jobs?!?!
The other witchers left to tend to the Burn-Rate Bonfire, for The Sprint is dark and full of terrors, and some bigwigs always manage to shoehorn their whims/unrelated stories into a otherwise lean sprint.
At the dawn of the new year, the witchers reconvened. "The Beast breathes a currency conversion API" - said The Wild One - "And its claws and fangs strike mostly at two independent JIRA clusters, sometimes upserting issues. It uses a company-deprecated API to send emails. We're in deep shit."
"I've found The Source of Fucking Excel Sheets" - said the smooth witcher - "It is The Temple of Cash-Flow, where the priests weave the Tapestry of Transactions. Our Fucking Excel Sheets are but a snapshot of the latest updates on the balance of some billing accounts. I spoke with one of the priestesses, and she told me that The Oracle (DB) would be able to provide us with The Data directly, if we were to learn the way of the ODBC and the Query"
"We struck at the beast" - said the bold and adventurous witchers, now deserving of the bragging rights to be called The Butchers of Jarfile - "It is actually fewer than twenty classes and modules. Most are API-drivers. And less than 40% of the code is ever even fucking used! We found fucking JIRA API tokens and URIs hard-coded. And it is all synchronous and monolithic - no wonder it takes almost 20 hours to run a single fucking excel sheet".
Together, the witchers figured out that each new billing account was morphed by The Beast into a new JIRA issue, if none was open yet for it. Transactions were used to update the outstanding balance on the issues regarding the billing accounts. The currency conversion API was used too often, and its purpose was only to give a rough estimate of the total balance in each Jira issue in USD, since each issue could have transactions in several currencies. The Beast would consume the Excel sheet, do some cryptic transformations on it, and for each resulting line access the currency API and upsert a JIRA issue. The secrets of those transformations were still hidden from the witchers. When and why The Beast would send emails was still a mystery.
As the Witchers Council approached an end and all were armed with knowledge and information, they decided on the next steps.
The Wild Witcher, known in every tavern in the land and by the sea, would create a connector to The Red Port of Redis, where every currency conversion is already updated by other processes and can be quickly retrieved inside the VPC. The Greenhorn Witcher is to follow him and build an offline process to update balances in JIRA issues.
The Butchers of Jarfile were to build The Juggler, an automation that should be able to receive a parquet file with an insertion plan and asynchronously update the JIRA API with scores of concurrent requests.
The Smooth Witcher, proud of his new lead, was to build The Oracle Watch, an order that would guard the Oracle (DB) at the Temple of Cash-Flow and report every qualifying transaction to parquet files in AWS S3. The Data would then be pushed to cross The Event Bridge into The Cluster of Sparks and Storms.
This Witcher Who Writes is to ride the Elephant of Hadoop into The Cluster of Sparks and Storms, to weave the signs of Map and Reduce and with speed and precision transform The Data into The Insertion Plan.
However, how exactly is The Data to be transformed is not yet known.
Will the Witchers be able to build The Data's New Path? Will they figure out the mysterious transformation? Will they discover the Undocumented Java Tool's secrets on notifying customers and aggregating data?
This story is still afoot. Only the future will tell, and I will keep you posted.
-
Routing and analysis of http behaviour with wireshark makes so much joy and fun.
Wanna get even more fun?
Add DNS. Add loadbalancers.
Loadbalancers?
Hell Yeah!
VLAN X has its own router and domain overrides to give a service a separate IP pointing to a loadbalancer inside the VLAN X.
loadbalancer in VLAN X then has additional routes to point to loadbalancer in VLAN Y.
Which might then point to the service in VLAN Y or... point to another loadbalancer in VLAN Z.
I'm always amazed what a human mind can create....
If you think that's insane, then add HTTP keepalive and persistent connections.
I just love people who have no idea what they're doing but are able to create a clusterfuck of brainfuck....
-
So my father has to deal with some vendors providing niche hardware and software solutions for a single department in the company.
Once the hardware finishes its work and transfers results to the managing PC, the PC has to upload those results to the server on the internet. The problem is that if no one's working with that setup for a few minutes the software in the PC can no longer communicate with the server.
Naturally, since idle time is in the equation, I thought of SO_KEEPALIVE (or whatever it's called in Windows). Wireshark confirms the absence of keepalive packets. However, the app doesn't seem to have any means to enable it... Hence the need to work with support guys.
One would expect the support to be professional, experts considering anything related to the app.
One would NOT expect to receive a call: "Hey, look, I was doing some googling on the internet... You might be right, enabling KA might help with the issue. We were discussing with our engineers and we tried to find some application that could enable KA on your computer. We couldn't find anything, but we believe that's the way to go. So give it a try and try to find some app on the internet that enables KA for our proprietary application". // everything in Lithuanian ofc.
I mean...seriously...?
I was startled to hear this suggestion. Since I expected them to be experts I assumed there's something IDK about Windows sockets -- could Windows enable KA globally, by-default? Did not find such a thing. Could Windows allow application A to control application B's socket options? Frankly, I'm too afraid to even look for this. I dislike Windows already. If this turned out to be true I'd probably become an anti-windows evangelist.
-
It's a very difficult choice for me. I use many open source things on a daily basis.
Unordered list:
-Linux
-Wireshark
-Gotop
-Ettercap
-VS Code
-PHP
-discord.js
-
Running WireShark to see what one of our partners is sending across.
Outdated TLS: Ok, that's par for the course.
Leaking data through DNS queries: ButWhy.jpg
Website leaked through DNS doesn't require auth to view information. TableFlip.jpg
-
Crazy... Hm, that could qualify for a *lot*.
Craziest. Probably misusage or rather "brain damaged" knowledge about HTTP.
I've seen a lot of wild things when devs start poking standards, but the tip of the iceberg was someone trying to use UTF-8 in headers...
You might have guessed it - German umlauts. :(
Coz yeah. Fucktard loved writing everything in german, so why not write custom header names in german.
The fun thing is: It *can* work, though the usual sane thing is to keep it in ASCII range for the obvious reason that using UTF-8 (or ISO-8859-1, which is *not* ASCII) is a gamble you gonna lose.
The fun game was that after putting in a much needed load balancer between services for monitoring / scaling etc suddenly *something* seemed off.
It took me 2 days and a lot of Wireshark hoola hooping to find out why, cause the header was used for device detection aka whether it's a bot or not. Or in the german term the dev used: "Geräte-Art".
As the fallback was to assume a bot, but only rate limit based on IP, only few managed to achieve the necessary rate limit to get blocked.
So when I say *something* seemed off, I really mean a spooky kind of "sometimes IP blocked for seemingly no reason at all".
Fun stuff. The dev btw germanized everything. Untangling the code base was a lot of non fun. -.-
-
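The header-name gamble from the rant above, as an added example that is neither the rant author's code nor the project's: a check that a custom header name is an RFC 7230 token, the two wire encodings a capture of the two hops would show, and the "missing header means bot" fallback that silently kicks in once an intermediary drops a non-token name. The header names, the fallback rule and the strict-proxy behaviour are constructed assumptions.

```python
"""Constructed example: a custom header name with umlauts ("Geräte-Art") is
not an RFC 7230 token, so what reaches the backend depends on every proxy in
the path.  Header names, proxy behaviour and fallback rule are assumed."""
import string

# RFC 7230 section 3.2.6: a field name is a token, i.e. one or more tchar.
_TCHAR = frozenset(string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~")


def is_valid_header_name(name: str) -> bool:
    """True only if every character is a tchar; umlauts and spaces are not."""
    return bool(name) and all(c in _TCHAR for c in name)


def ascii_header_bytes(name: str) -> bytes:
    """Build-time guard: refuse to ship a non-token header name at all
    instead of letting the encoding be decided per hop."""
    if not is_valid_header_name(name):
        raise ValueError(f"header name is not an RFC 7230 token: {name!r}")
    return name.encode("ascii")


def wire_forms(name: str) -> dict:
    """The two byte sequences the rant mentions; a capture of the client hop
    and the load balancer hop can legitimately show different ones."""
    return {"utf-8": name.encode("utf-8"),
            "iso-8859-1": name.encode("iso-8859-1")}


def simulate_strict_proxy(headers: dict) -> dict:
    """Assumption: a strict intermediary drops any header whose name is not a
    token.  Real proxies vary (drop, reject the request, or pass it through),
    which is exactly why the rant calls it a gamble."""
    return {k: v for k, v in headers.items() if is_valid_header_name(k)}


def classify_device(headers: dict, header_name: str) -> str:
    """The fallback rule from the rant: header missing means 'bot'.
    Names are matched case-insensitively, as HTTP requires."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return lowered.get(header_name.lower(), "bot")


if __name__ == "__main__":
    client = {"Geräte-Art": "browser", "User-Agent": "constructed-ua/1.0"}
    # Direct to the backend the header survives: "browser".
    print(classify_device(client, "Geräte-Art"))
    # Through the strict proxy the header is gone and the fallback fires: "bot".
    print(classify_device(simulate_strict_proxy(client), "Geräte-Art"))
    print(wire_forms("Geräte-Art"))
    # The ASCII name passes every hop unchanged.
    print(classify_device({"X-Device-Kind": "browser"}, "X-Device-Kind"))
```

Logging how often the fallback fires, rather than silently assuming "bot", would have surfaced the rant's two-day hunt as a single counter jump after the load balancer went in.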
Some kid keeps asking me how to session hijack. I keep telling him there's no point if:
A. You're not on the same network as him / her (I'm sure there are exceptions to this but normally you'd have to be on the same network)
B. The connection is encrypted
He doesn't understand either of those things. Not to mention it's illegal unless you're given consent.
-
Ok, I didn't know that Wireshark on Windows can fuck-up your network routing :D Try to send anything to 255.255.255.255 broadcast and see that nothing happens, yay :D
-
With his last tweets (and the last days), Musk has shown he is a total fraud.
This thousand requests story was possible to check just by installing a Wireshark-like on Android.
And I remember having a CTO exactly like this. Always an opinion on every damn technical thing, often making no sense at all and all the time totally off.
Which drives me to this conclusion :
If you are a CTO/CEO/C Bullshit O, go back to your damn office, fill your paperwork and for the sanity of every engineer, shut your mouth.
-
Requests to a soap server were failing randomly. In order to contact the API provider, I tried to provide a curl example with the same payload and the error response. Yet when sending the payload over curl, the request worked just fine. When my application was building the request, it failed.
What. The. Fuck.
I checked and double-checked the request body and headers. They were identical.
Of course, no error response was returned by the API provider and, of course, they could not tell me what error I caused in my request.
So I created a basic dummy server, installed wireshark and compared the payload when sending a request from my application and from curl to my dummy server.
It turns out: curl, if called in a certain way, automagically strips out newlines. The soap client kept them.
So that shitty soap server crashed due to newlines in the message body!
Stripping out the newlines was rather easy.
Shame on you, your house, and entire family for letting it crash due to them!
-
Fucking MQTT, go suck some dicks! Can't get that piece of shit to work, sending connect and publish works like a charm but somehow I won't get an acknowledge message which means the publish doesn't go through!
On the bright side: another opportunity to fire up wireshark and compare my software to other tools.
Anyone experienced with MQTT or thingstream.io
P.s. their support also can go and choke on some dicks!
-
Recently I have had to help our support team handle a variety of embedded development support tickets for a product line that is quite complex in nature. It is really starting become frustrating how common it is that the so-called “developers” that are using this product are so incompetent at requesting help in a proper/sane way. It is even more frustrating that some of these schmucks start acting up and stating bullshit statements like (para-phrasing) “OMG we have a ‘big opportunity’ and a deadline to meet”, “you need to help us faster”. These are also the same guys that are like “I know you have a free SDK that does everything correctly, but I want to write my own ‘pro’ driver written in my own ‘dumbass code style’. Oh and I am not going to follow documentation and not implement required functions and make you read my god awful code snippets to find out what I what I did wrong instead of reading the docs or comparing against the SDK.”
To anyone that behaves this way...fuck you! Just stop. Stop being a developer altogether. If your “opportunity” is so important, why the fuck are you half-assing your support ticket? Why are you making it SO DAMN DIFFICULT for someone to help support you! Give as much info as possible to prove your point or provide context to the problem you are having. In the majority of these tickets the dumbasses don’t even consider that relaying the product’s firmware version is relevant information, that a Wireshark (and/or logic analyzer) capture can be very useful to provide context to the type of operation being performed. Code snippets can be nice but only if there is sufficient context. We have had to ask one guy 3 times already for the FW version...what the flipping hell is wrong with you?!
Ug...I feel sorry for Support/FAEs sometimes dealing with customer bullshit drives me nuts and its a shame this stuff happens in a sector that should know better...Please don’t be like these devs. If you make a half-assed request it is only reasonable to expect a half-assed response and nothing more. -
I want to start learning to write a simple game server emulator in C#. The game works LAN but it gets LAN disconnected when internet drops so some sort of keepalive is implemented. I can copy the files to another device and it works online without a login etc so there is no online authentication but as soon as internet drops the LAN game goes down to so i need to emulate the online update server or something like that to prevent that from happening. (spotted with Wireshark etc)
I don't have much experience, just created a simple tcp client/server console app but in this case I of course will only need a server one in combination with custom dns. Any tips on where to start? Does someone have an example game server emulator? or update server emulator?
-
Does anybody know if there's a tool for parsing protobuf using live Network capture? I basically want to be able to pass profiles into something like Wireshark and get a live request response cycle
-
To be fair, I wonder if for a future job where I get to contact clients by phone, or even before, I could make a workaround using my phone plugged to my computer, with Wireshark or sth in the background intercepting calls, and identifying and btfo of scammers and phone surveys wasting everyone's time.
Idgaf if it's too ambitious, I wanna find out for myself, even more when I get a call now.
-
Are there any sysadmins here who know how to deal with ddos attacks properly? I can even offer pay. Situation is that I launched my java app (gameserver) on linux debian and configured iptables to allow only specific ips. Basically I made only 1 port open for loginserver and if player logins into loginserver it adds his ip to iptables so hes able to proceed to gamesever. However I am still receiving massive up to 900MB/s attacks for example: http://prntscr.com/q3dwe8
It appears that even if I left only one port open, I still can't defend against ddos attacks. I made some captures with tcpdump and analyzed them on wireshark but to be honest I cant really tell what I'm looking at.
I am using OVH which is supposed to be ddos protected but maybe I messed up during iptables configuration, I'm not sure.
Can anyone help?
-