Sniff & Read messages

Hi all. I have wildfire 3.1.0 installed. Clients can only connect to the server using secured connections. But, one of my clients wrote his own sniffer for jabber. He gave video about server hacking. See it here

How to protect from this?

Hey zulu,

I watched the video but it is not clear to me what you are doing (i.e. how you are hacking the connection). Could you describe what you are doing?


– Gato

Hm… Thats not me, someone other sniff jabber sessions and show me this video. I cant describe what I do, because I do nothing

May be I don’'t understand something… But I thought that all traffic from server to client was encrypted. Or may I wrong and encrypted only autorization process?

When in Pandion I select to use TLS, connection going on port 5222, if SSL - 5223. Thats normal or not?

Message was edited by: zulu

That is normal. It negotiates the encryption on the 5222 port.

Hi zulu,

the video is silly. At 0:37 one can see that the client did display a secure connection (closed lock next to nick name).

At 1:34 when the “hacker” is successful no lock is displayed, and one can see the plaintext messages also in the scrolling window - so that’'s not a hack.

It seems that the small program does also send a RST or something else to terminate the existing TLS connection and then filters the starttls message so one can not create a TLS encrypted session.

As he has full control of his own computer he can install a hook which sniffs and modifies network packets - this is lame.

==> So Jivesoftware (and other jabber client vendors) should really add a “require TLS” option in Spark (jabber clients), better no connection than an unencrypted one.


Couldn’'t you just configure Wildfire to require secure client connections?

At which point, the app of his would terminate the session and Spark wouldn’'t be able to reconnect until it stopped filtering the traffic to prevent an SSL connection.

Hi DJ,

a very good point and a very easy slution if one is the server administrator.

As one may use Spark to connect to random servers this is not really an option for normal users.


it2000 thanks, you right. I think that problem solved.

But if somebody can drop connection this not good.

Hi zulu,

as he can break only the connection of his client it does not matter. He could also shutdown and restart the client as he needs administrative rights on his computer to do this.