I have been using Wireshark and I noticed that my plugin seem to track down everything I do. I would like to see what is sending back.
content looks something like:
Headers:
HTTP/1.1 200 OK Connection: close Date: Thu, 19 May 2011 05:40:29 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Length: 90 Content-Type: app/x-hotbar-xip20 Expires: 0
Content XIP_2.0|1.SDF|67|70|xŚˇ334‹330±00ąr+-ĪĢ+.-JĢKNĶĻĖÉĢKÕKĪĻ¨3ä ¨Ó¸3©Õ5ār‘qŁ©•åłE)Å\Č#
When I try to open it, it downloads me a sitedisp.dll file which does not say anything. How can I open/decode these type of files?
It seems to connect to IE plugin
sitedisp.dllis a DLL file, which means it’s a binary which contains executable code. Opening it will probably not teach you much unless you know Assembler or if it’s a .NET DLL, Intermediate Language. The data which is sent back to the server is not going to be part of that DLL.It looks like that this: xŚˇ334‹330±00ąr+-ĪĢ+.-JĢKNĶĻĖÉĢKÕKĪĻ¨3ä ¨Ó¸3©Õ5ār‘qŁ©•åłE)Å\Č#
could be the data in some encrypted form, however I’m not sure.