Visit Official Website of ICQ Sniffer programs on windows.

Introduction

This program currently sniffs and decrypts messages/urls sent from the server to an icq client. The purpose of this program is to demonstrate and give starting code on how to "decrypt" ICQ data.

At present the sniffer decrypts ICQ server protocol v6 packets i.e. (Licq for Linux and ICQ 2000a for Windows). ICQ 2000b uses protocol v7 and currently only scarcely documented on the internet. But from what I have read it is a totally new protocol similar to AOL messager. Apparently since AOL bought Mirabilis they are shifting towards the AOL protocol.

Using the program

Download and unzip the source (tar zxvf icq_snifferv0.5.tar.gz). Run make. Note this source has only been tested on a Linux system. You need root access to the system.

An example usage of this program is if you are a LAN environment (home network, college network, business network etc.) and you have root access to a client machine, you can switch the ethernet card to promiscuous mode (/sbin/ifconfig eth0 to enable promisc mode and /sbin/ifconfig -eth0 to disable promisc mode) and run the program (icq_sniffer). The program will print out all the messages/urls sent from the ICQ server to all ICQ clients on the network.

Heres a diagramatic representation of a possible usage:

As shown in the diagram User B and User C are on the same LAN and share the same hub. If User A sends an ICQ message to User B through the server, User C will be able to view it.

Possible extensions of the program

• Extend to decrypting messages sent TO the server.
• Extend to decrypting passwords sent TO the server.
• Extend to decrypting other server data (e.g. ICQ passwords).
• Sniff the unique login code sent in each session and spoof a disconnect forcing a client to disconnect.

Related Sniffer & Network Monitoring Software: