I saw when this hit ISC.SANS.ORG yesterday. My first thought was, this is great, but I don't even know where to start. I know I can load a pcap file into Wireshark, but can't get it to go via tcpdump sadly :( .
I found in the file the person she was IM'ing. I think. Now I'm trying to figure out what I need to know so I can figure out how to extract the file.
Blackazarro, your tool post up there was a stepping stone I needed. I'm actually trying this tonight, thinking I probably don't know enough to pull it off.
I'd like to see a walkthrough, with what tools were chosen and why, at some point to learn from. I know, go read the great books mentioned around here, starting with Hacking for Dummies. (Though seriously, I think my next read will be on how to improve my reading speed :) ).
Ok, so I got to the point where I have the XML files. Figured that one out while eating a bowl of cereal; took all my will not to toss the bowl into the sink and run to the computer. The part I'm stuck at now is reconstructing the file into the right format (from zip archive / XML) to get the last of the data.
What a way to spend a Saturday Night.
Last edited by rattis on Sat Aug 22, 2009 11:24 pm, edited 1 time in total.