CMPE208
Spring 2006
Team: Pegasus
Homework-2
vandana goyal
Spandana Nalluri
Sampath Bhavipati
Kishore Reddy Yerramreddy
JagannathaReddy PochimiReddy

Contents

1Web based Yahoo Mail

1.1Login

1.2Sending an email

1.3Receiving e-mail (checking for new e- mail)

2.Yahoo IM

2.1 Send and Receive Yahoo Messenger Text IM

3.PC to PC calling with Yahoo Messenger

3.1 User Login

a)SIP Session

b)Voice data

c)Ending SIP session

4.Security Issues

1Web based Yahoo Mail

Protocol Observations

  1. yahoo.com domain name server uses canonical names to load balance the e-mail sessions, ( depending on geographical location of email client)
  2. Yahoo mail services are provided primarily by two servers, login server (login.yahoo.com, which authenticates the users during login) and mail server

( mail.yahoo.com , provides the standard e-mail services)

  1. HTTP Cookies are used by the login server and mail server to uniquely identify the user inbox and maintain session state.
  2. HTTPS is used to send login information, which is encrypted and more secure.

Login page contains a form with following post action ( along with hidden and input post variables), to switch to HTTPS when user enters username and password and clicks login

action="

  1. Query strings are used to provide some e-mail services ( opening inbox, compose an email ).
  2. Browser sends ‘Accept-Encoding = gzip, defalte’ in the HTTP header, and yahoo server ( both login and mail server) responds ‘200 OK’ with ‘Content-Encoding = gzip’ and hence all HTTP data is compressed using gzip and not readable in the packet sniffer (ethereal)

Following sections describe the more details (including packet capture snapshots) of the web based yahoo mail.Please refer to the file Yahoo-mail.cap for ethereal capture

1.1Login

When user types in browser, following operations are carried out by the browser.

a)Browser tries to resolve the IP address for mail.yahoo.com and once it receives answer from the DNS server (canonical name , login.yahoo.com and its IP address), browser makes a TCP connection for this IP address on port 80 ( HTTP) and downloads the login page ( using HTTP GET request, packet no. 10 in capture shown below). Please find the packet capture below.

b) Once user enters the user name and password and clicks submit, browser resolves the IP address for login server (login.yahoo.com, see packet no. 56) and starts HTTPS (secured with SSL) with login server ( 209.73.168.74, see packet no. 59) and browser sends username and password using HTTPS session. After yahoo login server authenticates the user successfully, it sends the response back, using which browser is redirected (or instructed with Java script) to switch to plain HTTP and connect to mail server (206.190.38.98, pkt no. 77). Login server sets the login cookie, which is used by the mail server to render the inbox page of user.

1.2Sending an email

a)When user clicks ‘compose’ button/link, browser sends a GET request for ym/compose page, with query string. (Packet no. 195 in following figure). Browser also sends the Cookie set by the mail server, which is used by the server to validate the user and render the proper page to the user ( page which enables the user to write an email).

b)When user finishes typing the mail and clicks send , a HTTP POST request is sent to the server , which contains the cookie (in HTTP header), complete mail ( as Post Data)

(Packet no 243 and 244 in following figure)

1.3Receiving e-mail (checking for new e- mail)

When user clicks ‘Check Mail’ then browser sends a GET request for ‘ym/showfolder’ to the mail server, with query string (with ‘rb=Inbox’ and other parameters, packet no. 398 in following figure) which are used the server to check the inbox of the user and send the result page back to the user.

2.Yahoo IM

Send and receive Yahoo Messenger Text IM

2.1 Send and Receive Yahoo Messenger Text IM

Protocol Observations

  1. Yahoo messenger runs over TCP.
  2. When user login, messenger authenticates with Yahoo login server and a session-ID is assigned (packets 24 to 31).
  3. When user starts typing messenger sends a 'NOTIFY' message to the other userthat he is typing (packet 43 below).
  4. The Messenger sends the messages in the form of 'Key-Value'. There are
    several types of key-values are like a key(4)for the sender screen name
    and key (5) for receiver screen name etc (packet 48).
  5. When somebody in the contact list becomes online, a 'Pager Logon' messageis received. Also when the person logs out a 'Pager Logoff' message is received.
  6. Here also, we can see the contents of the message in the regular text form, which does not look secure as anybody can read the message

Please refer to the file Yahoo-IM-1.cap and Yahoo-IM-2.cap for ethereal capture

3.PC to PC calling with Yahoo Messenger

3.1 User Login

When user login to the Yahoo messenger , the messenger registers with SIP server from yahoo which is “sip.yahoo.com”. For successful registration SIP server sends 200 OK (packet #161) message to the Messenger.

Please refer to the file Yahoo-voice.cap for ethereal capture

a)SIP Session

When the user A calls user B , user A sends his info by Session Description (SD). User B accepts the incoming call by sending SIP ACK to the user A. Then the SIP session is initiated between user A and user B.

b)Voice data

Once the SIP session is established between user A and user B starts talking and exchanging voice packets. Yahoo messenger uses SPEEX audio encoder which is a freeware .The voice packets are encoded by SPEEX and are placed as payload of RTP protocol.

c)Ending SIP session

User B clicked EndCall button on messenger window to disconnect the call. This endcall operation is SIP session end operation and is informed to the user A by sending SIP message BYE (packet #9483).

4.Security Issues

How would you secure Yahoo Mail?

Yahoo web mail is secured with SSL (HTTPS) only for login session, but after login, checking emails and sending emails are done with HTTP. To make it more secure, email services should be provided using HTTPS (i.e. using SSL).

How would you secure Yahoo Messenger Text IM?
Screen names and the message contents are sent in clear text. To make it secure, Yahoo Messenger protocol should use SSL to encrypt the data. But this may cause problems if

Peers establish connections directly between each other (using YAHOO_SERVICE_PEERTOPEER). This can be addressed either making SSL services available only with yahoo messenger server in between users or leaving the option to users to negotiate and establish SSL connection between each other ( by exchanging personal certificates).

How would you secure Yahoo Messenger PC-to-PCvoice call?

The messenger uses SPPEX encoder to encode audio. By capturing RTP payload and feeding to audio decoder anybody can play back the audio transmitted. To make it secure both SIP signaling and audio data should be encrypted. This can be done by Media gateway sitting in between users and negotiates SSL sessions (for SIP signaling and Audio Data) with each user individually. Using these method even conference calls can be secured. To solve the scaling problem, yahoo can offer this as a pay service.