QUOTE(VinluV @ May 23 2012, 03:43 PM)
Here's the setup, though a very, very simplified one.
2 PCs in the same network. By network I mean me and a mate using my router.
No OpenDNS, no DNSCrypt, no authenticator used, firewall and my IPS turned off.
After trading and dropping items left and right for about half an hour and monitoring packets with tcpdump,
I just copied some token values from my friend to my packets (a certain open source scarab JavaScript packet interceptor I bet you know was used).
For a few seconds, I got him off his account. Then I got the "I got kicked off Battle.net" error.
What I can suspect is that my token and session weren't matching the ones on Battle.net so I got kicked off, as the next few packets sent from me were using my original values, instead of the "malformed" packet.
It's doable but based on my setup it's quite a below-basic one, it's still a long way for me.
Will try to pass you a dump with better values if I can get some sort of PoC.
Edit: wouldn't be surprised if the Chinese have pwned bnet.
What you described is the typical man-in-the-middle attack where a hacker sits somewhere inside the same network as you are and uses a packet sniffer to sniff out the packets you send and receive to the Blizzard server.
This is almost undoable on the open internet.
I have been reading the Diablo 3 official forum and am really tempted to try to replicate it or somehow prove Blizzard is covering up and downplaying the whole issue while at the same time keeping on blaming the users for hacking. This is even worse when combined with fanboys on the forum insulting and accusing people of lying about getting hacked with an authenticator.
May 23 2012, 04:01 PM
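The quoted post observes that a session token copied from another client on the same LAN was accepted only briefly and then rejected, because the token and session no longer matched on the server side. The following is an added example, not code from this thread, from Blizzard, or from any Battle.net protocol, showing the server-side design that produces exactly that outcome: each session token is HMAC-bound to a connection identifier that the server derives itself (here a constructed string such as "conn-A"; in practice something like a TLS channel identifier), so a token value lifted off the wire fails validation when presented over a different connection, and a per-session sequence counter rejects replays of already-accepted packets. The `SessionStore` class, `SERVER_KEY` and all sample values are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Hypothetical server-side key (constructed here); in a real deployment it
# would come from a secrets manager or HSM, never from the client.
SERVER_KEY = secrets.token_bytes(32)


@dataclass
class Session:
    account: str
    client_binding: str   # identifier the server derived for the connection (assumed, e.g. a TLS channel id)
    seq: int = 0          # highest sequence number accepted so far on this session


class SessionStore:
    """Minimal session table: tokens are HMAC-bound to the connection they were issued on."""

    def __init__(self):
        self.sessions = {}
        self.audit_log = []   # binding mismatches and replays are recorded here for detection

    def _tag(self, sid, client_binding):
        # Tag covers both the session id and the connection it belongs to.
        msg = f"{sid}|{client_binding}".encode()
        return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

    def issue(self, account, client_binding):
        """Create a session for an authenticated account on a given connection."""
        sid = secrets.token_hex(8)
        self.sessions[sid] = Session(account, client_binding)
        return f"{sid}.{self._tag(sid, client_binding)}"

    def check(self, token, client_binding, seq):
        """Validate one request. Returns 'ok', 'bad-format', 'unknown',
        'binding-mismatch' or 'replay'."""
        parts = token.split(".")
        if len(parts) != 2:
            return "bad-format"
        sid, tag = parts
        sess = self.sessions.get(sid)
        if sess is None:
            return "unknown"
        # Recompute the tag for the connection that actually sent this request;
        # a token copied from another connection carries the wrong tag.
        if not hmac.compare_digest(tag, self._tag(sid, client_binding)):
            self.audit_log.append(("binding-mismatch", sid, sess.account, client_binding))
            return "binding-mismatch"
        # Sequence numbers must strictly increase, so a captured packet cannot be resent.
        if seq <= sess.seq:
            self.audit_log.append(("replay", sid, sess.account, client_binding))
            return "replay"
        sess.seq = seq
        return "ok"


if __name__ == "__main__":
    store = SessionStore()
    tok = store.issue("alice", "conn-A")       # constructed sample account and connection id
    print(store.check(tok, "conn-A", 1))       # ok
    print(store.check(tok, "conn-B", 2))       # binding-mismatch: same token, other connection
    print(store.check(tok, "conn-A", 1))       # replay: sequence number reused
    print(store.audit_log)
```

Note the design choice on a mismatch: the request is rejected and logged, but the legitimate session is left intact. Revoking the victim's session on every bad token would let anyone on the same network knock a player offline simply by sending a mangled copy of their token, which is the brief disconnect the quoted post describes from the other side.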