I've managed to isolate one of the transactions between one of my PCs and MS's update sites. The file I uploaded is a record of the traffic when I opened Windows Update in Win7 x64 and clicked "Check for Updates".
I have found the point at which the SSL certificate is transferred, and the point at which the application data is transferred (encrypted of course). I think I can capture the binary data with mIRC socket scripting, as well as the certificate. Is there any way to run the SSL cert and the binary data through some kind of program to decode the contents of the binary data? I figure that binary data is an actual full list of updates straight from MS's servers.
With mIRC I can also do SSL connections. I haven't tested it yet to see if I can actually get a list of updates for my instance of Win7 x64 (and decode it), but that is next on my list.
I noticed that clicking update once started about 4 different connections to MS servers. I figure that this can also include a full list of updates for MS Office as well, including the Help files that show up on Windows Update, but not on AutoPatcher (as of the last time I checked, that is).
Would any of this be useful to you guys? Or am I re-inventing what you guys have already done?
I don't know C++. I'm not a programmer, but I am a scripter. I've done some VB (very limited). I've also done lots of batch scripting for Windows. My most familiar language is mIRC scripting. I've used it to do a lot of data scraping scripts, as well as intercepting web traffic and doing my own custom processing of the intercepted traffic. Hopefully this will be of some use to you guys.