Remember way back, when I released Aimsnarf? Well, it turns out that people were interested in one for Yahoo IM, so I’m happy to present Yahsnarf, the Yahoo messenger sniffing script.
You can download the script on the yahsnarf project page.
Yahsnarf requires Ruby, ruby-pcap and bit-struct (Thanks Matasano for introducing me to bit-struct, made this script take about 1/4rd the time to write)
I’m also currently working on an NSM-Console module for Yahsnarf.
This script is a little different than Aimsnarf, mostly because Aimsnarf was the first program I ever wrote in Ruby, so it tended to be just a little rusty, without the best design practices. For one, Yahsnarf is way smaller than Aimsnarf (70 lines to around 150), and Yahsnarf follows an object-oriented design. Enough of that, here’s what you can expect to see:
shell> sudo ./yahsnarf.rb -i en1
Use '-h' to display usage
Capture/Decoding...
buddy1 --> buddy2: This is a test of yahsnarf
buddy2 --> buddy1: A test this is of yahsnarf; it's awesome!
buddy1 --> buddy2: thanks for the help :)
You can also use ./yahsnarf.rb -r <pcapfile> to read and extract from a network capture file.
Pretty simple eh? Replace buddy1 and buddy2 with the screen names of the conversationalists. There are a few issues I’m still working out, like usernames not always showing up (they could for the most part). Also, this obviously does not work on encrypted messages (OTR or otherwise), so if you value your privacy, use encryption.
Remember, don’t ever say anything over IM that you wouldn’t mind the world knowing, you never know who could be listening in
In conclusion, I’d also like to thank Yahoo, for making their protocol so much less of a pain to decode than AOL’s.
fenris wrote:
thanks bro … u already makes the IM world in precaution … congrate & nice work … i’ll try the yahsnarf a.s.a.p ..
Link | April 3rd, 2008 at 3:03 pm
darkin wrote:
I’m looking for software that will allow me to eavesdrop on a remote individual who is using Yahoo IM. Will yahsnarf do that for me?do this for me? Thanks
Link | July 1st, 2008 at 9:55 pm