Well the Project will aim on one thing !
Extract one information form a free program , which is Opera Browser , i am a security engineer and my team and i , have some suspicions about how Opera browsers . which is the vpn function may collect some private information from the user PC.
Now we need to dig inside the binary file [login to view URL] in order to get one info. which is the key that opra use to encrypt the VPN request .
Now in more details :
Opera use to be used an old method to make HTTP Authentication and we use that method while we are studying opera !
Here is how we use to get the Authentication information
Open opera://net-internals/#capture page in opera.
Enable “Include the actual bytes sent/received.”
Click events
Click vpn in adress bar
Off and reOn VPN
Find “SOCKET ssl/[login to view URL]” in events
Find SE-Client-Type and SE-Client-API-Key values in headers hex dump
[[IMAGE ATTACHED]]
Now the new Opera 45.0.2552.812 has switched to v4 API.
That API uses HTTP Digest Authentication instead of SE-...HTTP headers.
POST /v4/register_subscriber HTTP/1.1
Host: [login to view URL]
Connection: keep-alive
Content-Length: 128
Accept: application/json
SE-Client-Version: Stable 45.0.2552.812
SE-Operating-System: Windows
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.812
Accept-Encoding: gzip, deflate, br
HTTP/1.1 401 Unauthorized
Server: nginx/1.12.0
Date: Thu, 18 May 2017 20:32:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Status: 401 Unauthorized
WWW-Authenticate: Digest realm="ApiDigest", qop="auth", algorithm=SHA-256, nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f"
X-UA-Compatible: IE=Edge,chrome=1
Cache-Control: no-cache
X-Request-Id: 66c73f05d6950077cfd83b58fc9f498e
X-Runtime: 0.009371
X-Rack-Cache: invalidate, pass
POST /v4/register_subscriber HTTP/1.1
Host: [login to view URL]
Connection: keep-alive
Content-Length: 128
Authorization: Digest username="se0316", realm="ApiDigest", nonce="MTQ5NTEzOTUyNDozNDEyMjA0OWY0ZjE4ZDgwZDFjOGI5M2ZiNmUyMzYyMWI4Y2NiYTNiMDEwZTdmNzU0NzY2ZTNjOTA2NmYwYWM2", uri="/v4/register_subscriber", algorithm=SHA-256, response="ff7f495b6dd7c0b53119f3f92e6f3dbb7607d6a4d0441ec77359437e8b958ee2", opaque="a6feff632d495616728c8ef3532064ca457e3d0badcfa2db349a0433dcc4520f", qop=auth, nc=00000001, cnonce="d186e18e5c7172fa"
Accept: application/json
SE-Client-Version: Stable 45.0.2552.812
SE-Operating-System: Windows
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 OPR/45.0.2552.812
Accept-Encoding: gzip, deflate, br
To calculate correct response the password is needed, according to RFC 7616:
3.4.2. A1
If the algorithm parameter's value is "<algorithm>", e.g., "SHA-256",
then A1 is:
A1 = unq(username) ":" unq(realm) ":" passwd
where
passwd = < user's password >
We need the " password " which is impeded inside opera application , and we need an easy way to extract it each time !
We need someone who can work with low level of programing , such C++ and Assembly and familiar with ollydbg ([login to view URL])
I want to discuss this project with you further, let me know the best suitable time for you to schedule the meeting, Feel free to message me at any time, i used to be online 14 hrs in a day on this website so probably you will get a quick response from my end..
Hello, Mybeshoo!
It sounds like an interesting challenge and very good fit. I have great experience with reverse engineering, so it will be done in a very professional way.
Please let me know how urgent it is and when you are OK to discuss. Thank you.
Best regards,
-Mike
Hello, Expert here,ready to start immediately. I will always available on freelancer.com to discuss project specs.I have reviewed all your requirements and can deliver exactly what you are looking for, 100% guaranteed. I am confident to fulfill your requirements in timely manner, along with quality work.I have designed hundreds of personal, small business, and corporate sites in which I have had excellent feedback.I work with all of my clients, hands on, one on one to make sure they get exactly what they want. Based on your feedback I will do revisions as required unless you are 100% satisfied. Lets discuss more! In case of any further query/clarification please feel free to contact me anytime. Looking forward to work with you in this project. Thanks&Regards
Dear Prospect Hiring Manager.
Thank you for giving me a chance to bid on your project. i am a serious bidder here and i have already worked on a similar project before and can deliver as u have mentioned
I have checked your requirements. We have right skills to work on this assignment. We are a team of professionals including experienced analysts, designers, project managers, developers and QA people having great expertise in web applications development mainly on core PHP, PHP with open sources (Joomla, Wordpress, Codeigniter, Cake PHP), .NET, Asp.NET, Vb.NET, HTML 5 etc. and mobile applications on ios and Android platform.
Our award = superb result = happy client. In a good partnership, good results happen. Good cooking makes good eating!BWe consider our client as our partner.
I am ready to discuss with you
with best Regards
Hello Sir, We have gone through the details you have provided and we have already worked on a similar project before and can deliver as u have mentioned and would be pleased to work on this with you to deliver the results that you have expected and we have already worked on a similar project before and can deliver as u have mentioned
We are sure you will not be disappointed if you give us this opportunity. Our team is experienced, creative & efficient enough to get your job done well. We have an impeccable record and all our clients enjoy working with us, we are sure that you will too, our prices are cheapest in market.
[Removed for encouraging offsite communication which is against our Terms and Conditions.] for further discussion about the project
I am ready to discuss with you
with best Regards
Hey. I'll be happy to help you with this one. My main profile is https://www.freelancer.com/u/freelancer656.html . Let me know in case you'd be interested.