REX Web Sync Communication Traffic

Last updated - October 4, 2001

REX Web Sync Communication Traffic

Completed by: Peter Richard

I captured the traffic bewteen Intellisync and www.rex.net. I'll post the results later as there is a lot of cut'n'paste to do bewteen the sniffer's log and a text editor.

The rex(intellisync) client posts the username, password, rex serial no. and its all done in plain text, thus exposing your password to any traffic sniffer. A session cookie is obtained and the session is closed. A second session is opened using the new cookie and data about the software version of the rex and intellisync is sent along with the language, country (from worldclock) etc.

There's a request for ads (empty) and a request for content. But I'm not going to bore you further. Hopefully I'll post a complete session similar to following sample later this evening for those willing to torture themselves.

Sample of initial session:

open connection from port 1889 to server on port 80 (HTTP)
**** From: 192.168.010.196:1889 To: 064.014.019.033:80 ****
50 4F 53 54 20 2F 70 6F 72 74 POST /port
0040 61 6C 2F 72 65 71 75 65 73 74 66 69 6C 74 65 72 al/requestfilter
0050 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D HTTP/1.1..User-
0060 41 67 65 6E 74 3A 20 52 65 78 4E 65 74 43 6F 6E Agent: RexNetCon
0070 6E 65 63 74 6F 72 0D 0A 48 6F 73 74 3A 20 73 79 nector..Host: sy
0080 6E 63 2E 72 65 78 2E 6E 65 74 0D 0A 43 6F 6E 74 nc.rex.net..Cont
0090 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 31 35 32 0D ent-Length: 152.
00A0 0A 0D 0A 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E ...<?xml version
00B0 3D 22 31 2E 30 22 3F 3E 0A 0A 3C 6F 70 65 6E 73 ="1.0"?>..<opens
00C0 65 73 73 69 6F 6E 3E 0A 3C 75 73 65 72 6E 61 6D ession>.<usernam
00D0 65 3E 70 72 69 63 68 61 72 64 3C 2F 75 73 65 72 e>prichard</user
00E0 6E 61 6D 65 3E 0A 3C 70 61 73 73 77 6F 72 64 3E name>.<password>
COMMENT: my password is xx'ed out
00F0 xx xx xx xx xx xx xx 3C 2F 70 61 73 73 77 6F 72 xxxxxxx</passwor
0100 64 3E 0A 3C 73 65 72 69 61 6C 6E 75 6D 62 65 72 d>.<serialnumber
0110 3E 4C 30 30 38 4D 42 30 30 42 46 41 41 3C 2F 73 >L008MB00BFAA</s
0120 65 72 69 61 6C 6E 75 6D 62 65 72 3E 0A 3C 2F 6F erialnumber>.</o
0130 70 65 6E 73 65 73 73 69 6F 6E 3E pensession>

**** From: 064.014.019.033:80 To: 192.168.010.196:1889 ****
48 54 54 50 2F 31 2E 31 20 32 HTTP/1.1 2
0040 30 30 20 4F 4B 0D 0A 53 65 72 76 65 72 3A 20 4E 00 OK..Server: N
0050 65 74 73 63 61 70 65 2D 45 6E 74 65 72 70 72 69 etscape-Enterpri
0060 73 65 2F 33 2E 36 20 53 50 33 0D 0A 44 61 74 65 se/3.6 SP3..Date
0070 3A 20 57 65 64 2C 20 32 32 20 41 75 67 20 32 30 : Wed, 22 Aug 20
0080 30 31 20 31 38 3A 32 33 3A 30 32 20 47 4D 54 0D 01 18:23:02 GMT.
0090 0A 53 65 72 76 65 72 3A 20 57 65 62 4C 6F 67 69 .Server: WebLogi
00A0 63 20 35 2E 31 2E 30 20 53 65 72 76 69 63 65 20 c 5.1.0 Service
00B0 50 61 63 6B 20 36 20 30 39 2F 32 30 2F 32 30 30 Pack 6 09/20/200
00C0 30 20 32 31 3A 30 33 3A 31 39 20 23 38 34 35 31 0 21:03:19 #8451
00D0 31 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 1..Content-Type:
00E0 20 74 65 78 74 2F 78 6D 6C 0D 0A 53 65 74 2D 43 text/xml..Set-C
00F0 6F 6F 6B 69 65 3A 20 72 65 78 73 65 73 73 69 6F ookie: rexsessio
0100 6E 3D 4F 34 50 34 53 7A 5A 35 4F 5A 75 35 65 46 n=O4P4SzZ5OZu5eF
0110 41 4D 41 56 6F 4E 33 36 4C 57 65 4C 59 51 49 67 AMAVoN36LWeLYQIg
0120 6F 72 38 35 70 65 37 4E 39 58 30 54 72 59 67 66 or85pe7N9X0TrYgf
0130 34 39 51 71 58 62 7C 37 30 33 31 30 39 33 34 33 49QqXb|703109343
0140 34 33 32 34 34 32 38 30 31 38 2F 31 30 37 34 36 4324428018/10746
0150 36 34 32 36 39 2F 36 2F 37 30 30 33 2F 37 30 30 64269/6/7003/700
0160 33 2F 37 30 30 32 2F 37 30 30 32 2F 37 30 30 33 3/7002/7002/7003
0170 2F 2D 31 7C 2D 31 34 39 34 30 34 35 37 31 38 32 /-1|-14940457182
0180 35 32 36 30 38 37 30 38 2F 31 30 37 34 36 36 34 52608708/1074664
0190 32 36 35 2F 36 2F 37 30 30 33 2F 37 30 30 33 2F 265/6/7003/7003/
01A0 37 30 30 32 2F 37 30 30 32 2F 37 30 30 33 2F 2D 7002/7002/7003/-
01B0 31 7C 37 30 33 31 30 39 33 34 33 34 33 32 34 34 1|70310934343244
01C0 33 30 36 37 37 3B 20 64 6F 6D 61 69 6E 3D 2E 72 30677; domain=.r
01D0 65 78 2E 6E 65 74 3B 20 70 61 74 68 3D 2F 0D 0A ex.net; path=/..
01E0 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 Connection: clos
01F0 65 0D 0A 0D 0A e....