Opt-In Software
Opt-In Software

Contacts

Blog Blog
Twitter Twitter

Programs

PAD Files

Online Tools

Proxylists

Feedback
 Write...

Jabber password recovery for Miranda IM users

Yeah, that happens with me too. Finally I forgot my password on jabber :-)

I used Miranda IM instant messenger for Windows. And when I needed to enter the password in another jabber client on my phone, it turned out that I forgot it.

Search in google gave me some links to programs that allow me to recover forgotten passwords.
However, I do not trust them. There are no guarantees that your password will not be known by third parties.

Luckily I'm a programmer, familiar with network protocols, and so I decided to try to extract the password from Miranda IM myself.

First, I found in Miranda IM settings that allow to disable encryption (turn off "Use SSL" and "Use TLS").
Also, I can turn of compression (uncheck "Enable stream compression (if possible)" on Advanced tab).
That allowed me to use a sniffer to examine the protocol exchange between Miranda IM and the jabber server.

Second, I found that I can "Manually specify connection host". That allows me to make my own "jabber server"
that will interact with my jabber client, run it on my computer and tell Miranda IM use it instead of real jabber server.
I named it JabberHost.

Third, I found that the jabber server in its first response informs of possible authentication mechanisms, including PLAIN:

<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='jabber.org' id='1647f61c13930926' version='1.0'>
<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>CRAM-MD5</mechanism>
<mechanism>LOGIN</mechanism>
<mechanism>PLAIN</mechanism>
<mechanism>DIGEST-MD5</mechanism>
<mechanism>SCRAM-SHA-1</mechanism>
</mechanisms>
<compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>
<ver xmlns='urn:xmpp:features:rosterver'>
<optional/></ver></stream:features>

PLAIN authentication is pretty simple. Value of <auth> tag, that jabber client sends to the server is the BASE64-encoded string of this format:
'authid\0userid\0passwd' where '\0' is the null byte.

JabberHost changes the response about available authentication mechanisms, and tells jabber client that it supports only PLAIN authentication:

<?xml version='1.0'?><stream:stream xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' from='jabber.org' id='1647f61c13930926' version='1.0'>
<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
<mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'>
<mechanism>PLAIN</mechanism>
</mechanisms>
<compression xmlns='http://jabber.org/features/compress'><method>zlib</method></compression>
<ver xmlns='urn:xmpp:features:rosterver'>
<optional/></ver></stream:features>

When jabber client sends authentication info to JabberHost, it decodes the user name and password and displays.
You can freely download sources of JabberHost as well as compiled binary file.

JabberHost Sources: jh-src.zip
To build JabberHost yourself from sources you will need Delphi 7 with Indy 9 library.

JabberHost Binary: jh-bin.zip
You don't need to install, just download, extract somewhere and use it.

On the picture below I have shown the necessary settings in Miranda IM.

Jabber password recovery for Miranda IM users

Opt-In List Manager
Email list management program. It is specially designed to provide an efficient way of processing huge email lists.
Web Proxy Checker
Free and fast proxy checking software. Supports SOCKS4/SOCKS5/HTTP/HTTPS proxies with and without authentication. Check for connect to host or load URL. Multithreaded. Handle redirects. Can download proxy list from the given URL. Built-in proxy distribution web server.
Web Searcher
Web scraping tool. Allows to search in Google and Bing for keywords and extract various data from web pages and sites.
Web Image Uploader
Web Image Uploader is a tool designed for easy and fast uploading images to an image hosting services.
Web URL Shortener
Web URL Shortener is a tool that allows to create short URLs that can be easily shared, tweeted, or emailed to friends.
RegExp Extractor
RegExp Extractor is an utility designed to extract various data from text files and logs using conditions and rules written using regular expressions.
Thumbnail Grabber
Free utility to create thumbnail screenshots of web pages in JPEG format.
Opt-In List Extractor
A simple but powerful utility to extract and combine multi column email lists.
RAS Dialer
Free dialer for Windows. Features: auto dial after start, re-dialing, minimization to tray.
Opt-In Mail
A small program to send e-mail with support of Yahoo! DomainKeys.
Opt-In Tunnel
Simple TCP port redirector. This tool accepts connections on a particular TCP port and creates a tunnel to the specified web- or mail-server.
WHOIS utility
Command line utility that performs whois lookup for domain name or IP address.
Bookmark : FavoritesFavorites Del.icio.usDel.icio.us Digg it!Digg StumbleUponStumbleUpon GoogleGoogle LiveLive FacebookFacebook TwitterTwitter RedditReddit MyspaceMyspace
Send your comments and suggestions to support@optinsoft.com
Copyright (c) 2006-12 Opt-In Software. All Rights Reserved.