Tuesday, October 18, 2011

Jabber password recovery for Miranda IM users

Yeah, that happens to me too. I finally forgot my password on jabber :-)
I used Miranda IM instant messenger for Windows.
And when I needed to enter the password in another jabber client on my phone, it turned out that I had forgotten it.
A Google search gave me some links to programs that recover forgotten passwords.
However, I do not trust them. There are no guarantees that your password will not be known by third parties.
Luckily I'm a programmer, familiar with network protocols, and so I decided to try to extract the password from Miranda IM myself.
First, I found settings in Miranda IM that allow me to disable encryption (turn off "Use SSL" and "Use TLS").
I can also turn off compression (uncheck "Enable stream compression (if possible)" on the Advanced tab).
That allowed me to use a sniffer to examine the protocol exchange between Miranda IM and the jabber server.
Second, I found that I can "Manually specify connection host". That allows me to write my own "jabber server" that interacts with my jabber client, run it on my computer and tell Miranda IM to use it instead of the real jabber server. I named it JabberHost.
Third, I found that the jabber server, in its first response, lists the available authentication mechanisms, including PLAIN:

<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='jabber.org' id='1647f61c13930926' version='1.0'>
<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>CRAM-MD5</mechanism>
<mechanism>LOGIN</mechanism>
<mechanism>PLAIN</mechanism>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
</mechanisms>
<compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>
<ver xmlns='urn:xmpp:features:rosterver'>
<optional/></ver></stream:features>
PLAIN authentication is pretty simple. The value of the <auth> tag that the jabber client sends to the server is a BASE64-encoded string of this format:
'authid\0userid\0passwd' where '\0' is the null byte.
JabberHost changes the response about available authentication mechanisms and tells the jabber client that it supports only PLAIN authentication:

<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='jabber.org' id='1647f61c13930926' version='1.0'>
<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>PLAIN</mechanism>
</mechanisms>
<compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>
<ver xmlns='urn:xmpp:features:rosterver'>
<optional/></ver></stream:features>
When the jabber client sends its authentication info to JabberHost, JabberHost decodes the user name and password and displays them.
You can freely download sources of JabberHost as well as compiled binary file here.
In the picture below I show the necessary settings in Miranda IM.
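
The mechanism swap described above succeeds only because the client is willing to send PLAIN over a stream with SSL/TLS turned off. As an added example (not part of the original post and not JabberHost's code), the following Python shows a client-side policy that parses the offered mechanisms and refuses cleartext ones without TLS, plus a decoder showing what a PLAIN <auth> value exposes; the function names, preference order and sample credentials are assumptions made for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"
STREAM_NS = "http://etherx.jabber.org/streams"
# Mechanisms that put the password itself on the wire (base64 is not encryption).
CLEARTEXT = {"PLAIN", "LOGIN"}
# Client preference order, strongest first (a policy assumed for this example).
PREFERENCE = ["SCRAM-SHA-1", "DIGEST-MD5", "CRAM-MD5", "PLAIN", "LOGIN"]

def offered_mechanisms(server_text):
    """Return the SASL mechanisms listed in a server's <stream:features>."""
    m = re.search(r"<stream:features>.*?</stream:features>", server_text, re.S)
    if not m:
        return []
    # The enclosing <stream:stream> is still open, so re-declare its prefix.
    root = ET.fromstring(f"<r xmlns:stream='{STREAM_NS}'>{m.group(0)}</r>")
    return [e.text.strip() for e in root.iter(f"{{{SASL_NS}}}mechanism") if e.text]

def choose_mechanism(offered, tls_active):
    """Pick the strongest offered mechanism; never send a password in the clear."""
    for mech in PREFERENCE:
        if mech in offered and (tls_active or mech not in CLEARTEXT):
            return mech
    return None  # abort the login instead of accepting the downgrade

def decode_plain(auth_b64):
    """Split a PLAIN <auth> value into the three fields described above."""
    authid, userid, passwd = base64.b64decode(auth_b64).split(b"\0", 2)
    return authid.decode(), userid.decode(), passwd.decode()

# Constructed sample inputs, shortened from the two server responses on this page.
FULL = ("<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
        "<mechanism>CRAM-MD5</mechanism><mechanism>LOGIN</mechanism>"
        "<mechanism>PLAIN</mechanism><mechanism>DIGEST-MD5</mechanism>"
        "<mechanism>SCRAM-SHA-1</mechanism></mechanisms></stream:features>")
PLAIN_ONLY = ("<stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>"
              "<mechanism>PLAIN</mechanism></mechanisms></stream:features>")
# Constructed credentials, not real ones.
SAMPLE_AUTH = base64.b64encode(b"\0alice\0example-password").decode()

if __name__ == "__main__":
    for name, feats in (("full", FULL), ("plain-only", PLAIN_ONLY)):
        for tls in (False, True):
            print(name, "tls" if tls else "no-tls", "->", choose_mechanism(offered_mechanisms(feats), tls))
    print(decode_plain(SAMPLE_AUTH))
```

With this policy a PLAIN-only offer on an unencrypted stream yields no usable mechanism, so the login is abandoned rather than the password being sent.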

