xboxscene.org forums

Author Topic: Network Traffic Analyzing And Editing Setup  (Read 196 times)

SoLovely

  • Archived User
  • Newbie
  • Posts: 15
Network Traffic Analyzing And Editing Setup
« on: June 16, 2009, 11:44:00 PM »

Hello everyone, just doing some experimentation with packets, and I'm trying to find a setup that will allow me to do what I'd like to do. Now, I'm bridging my xbox connection through my laptop already which makes capture cake. A problem comes with editing. Ignoring the packet encryption for now, most places suggest setting up a proxy through my hosts file to get and resend packets to and from my xbox in order to edit packets in transit, but that requires new entries to the hosts file for every IP the xbox interacts with which, apart from being difficult since it contacts over 10 IPs in startup alone, would make it impossible to manipulate packets coming from other players in an online game. Is there any way to use my laptop as a proxy for all traffic coming through the bridged Ethernet port?
Logged

No_Name

  • Archived User
  • Hero Member
  • Posts: 562
« Reply #1 on: June 17, 2009, 10:44:00 AM »

What you're trying to do has been looked into many times, and it's quickly become clear it's not worth it due to the way the packets are encrypted and treated by the system.
Logged

SoLovely

  • Archived User
  • Newbie
  • Posts: 15
« Reply #2 on: June 17, 2009, 08:36:00 PM »

QUOTE(No_Name @ Jun 17 2009, 05:44 PM)

What you're trying to do has been looked into many times, and it's quickly become clear it's not worth it due to the way the packets are encrypted and treated by the system.


I'm quite aware, though they and I were probably doing it for different reasons. Regardless, help would be appreciated.
Logged

No_Name

  • Archived User
  • Hero Member
  • Posts: 562
« Reply #3 on: June 17, 2009, 09:59:00 PM »

QUOTE(SoLovely @ Jun 17 2009, 07:36 PM)

I'm quite aware, though they and I were probably doing it for different reasons. Regardless, help would be appreciated.

The reasons do not matter; you still hit the same walls, and more.
Logged

SoLovely

  • Archived User
  • Newbie
  • Posts: 15
« Reply #4 on: June 18, 2009, 12:41:00 AM »

QUOTE(No_Name @ Jun 18 2009, 04:59 AM)

The reasons do not matter; you still hit the same walls, and more.


Honestly, without knowing my motives you can't make any judgment as to the outcome of what I'm trying to do. The Kerberos key exchange that sets the encryption key for the entire session and the header checksum on all traffic after the authentication is completed would obviously make it near impossible to 1) find the session's encryption key (which is randomly generated per session) and 2) read (the plaintext version of) or edit any traffic coming through my bridge. If I already know that, why am I still pressing forth? Perhaps because my business doesn't involve finding methods to obtain encryption keys or editing packets? Yeah...

Help would still be appreciated, and my question still stands: is there any way to capture, analyze and resend all traffic coming in and leaving from my bridged port? And if I am doing that (via programming), will the resent packets still be identical to those obtained, or will I have to spoof the IP on them so as not to mess up the checksum? (New to programming here, and these questions are just based on logic.)

Thanks.
Logged

johnyblackout

  • Archived User
  • Jr. Member
  • Posts: 50
« Reply #5 on: September 02, 2009, 09:20:00 PM »

I'm probably wrong here, but it sounds like a basic man-in-the-middle attack where you want all packets redirected through your laptop. If so, you can use Cain and Abel to do the ARP cache poisoning and then use Ethereal or whatever to analyze the packets.

http://www.oxid.it/cain.html

http://www.wireshark.org/
Logged

crashzero

  • Archived User
  • Newbie
  • Posts: 1
« Reply #6 on: November 08, 2009, 09:34:00 AM »

I had a similar idea these days, but using a computer as an intermediate between the Xbox 360 and any other connection: share the connection of a computer and, using a firewall, redirect all connections from the Xbox 360 to a "server on PC" that makes changes to the network packets (changing the ID in the packets and again in the response, or simulating the Live responses).

It's like:
Xbox <-> PC <-> FIREWALL+Server <-> Live

I don't know if it is possible to do that, but I really think that it is a good idea.

If it is possible to simulate Live responses by getting them from Live, Wireshark could be used to map all the Live answers and requests from the Xbox and create an alternative Live. (Maybe, because of the difficulty, it could just be used to unblock the HD use again, making the Xbox 360 think that it is not banned from Live.)

Another possibility for altering the packets is to change the console ID in the requests and responses, making Live think that it is another Xbox 360 (the major problem is creating acceptable keys).

The encryption may be the worst problem, one that makes this impossible to implement.

Sorry about my english.
Logged

majinsoftware

  • Archived User
  • Hero Member
  • Posts: 703
« Reply #7 on: November 11, 2009, 03:53:00 AM »

You can't simulate Live responses, since the encryption key is different each time.
The first time the Xbox will understand the stuff.
Next time it will just be rubbish getting sent to it.

Also, you can't edit the console ID in the packet because, yet again, of the encryption problem.

And to

SoLovely:
Make a basic pass-through proxy.
Point your Xbox to that with the settings in the dash.

Then everything will have to go through the proxy.
You can get the proxy to do all your filtering and editing.

That would be the simplest way to achieve what you want.
Logged
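
The point made in the reply above, that a response recorded in one session is rubbish in the next and that a field cannot be edited in transit, shown as an added example that is not part of the original thread. It is a generic model and not the console's actual protocol: the `Session` class, the HMAC-SHA256 tag and the sample payload are assumptions, and encryption is left out so that only the integrity check is shown.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # size of an HMAC-SHA256 tag in bytes


class Session:
    """One authenticated session in which both ends share a random key.

    Stands in for the result of a key exchange. Hypothetical model,
    not the console's real protocol.
    """

    def __init__(self):
        self.key = os.urandom(32)  # fresh key for every session

    def seal(self, payload: bytes) -> bytes:
        """Append an integrity tag computed under this session's key."""
        tag = hmac.new(self.key, payload, hashlib.sha256).digest()
        return payload + tag

    def open(self, packet: bytes):
        """Return the payload if the tag verifies under this key, else None."""
        if len(packet) < TAG_LEN:
            return None
        payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(tag, expected) else None


def demo():
    first, second = Session(), Session()
    # Constructed sample response, not real traffic.
    captured = first.seal(b"console_id=CONSTRUCTED-0001;status=ok")
    # Same packet with one field changed in transit and the old tag kept.
    payload, tag = captured[:-TAG_LEN], captured[-TAG_LEN:]
    edited = payload.replace(b"0001", b"0002") + tag
    return {
        "same_session": first.open(captured) is not None,
        "replayed_next_session": second.open(captured) is not None,
        "edited_in_transit": first.open(edited) is not None,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```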