|
If application is running and you don't have administer rights I don't think it's possible to sniff it's traffic. In the other way if application is running, you can use raw sockets (in win 2000, XP, if I'm right) and sniff all the traffic, you can inject dll in the process and reroute procedure, that handles traffic. There is article by Kris Kaspersky about bypassing firewalls in exploits and where are some ways for worm to capture traffic from exploited application. I think it may help, but it's in russian. hxxp://www.sendspace.com/file/uhvxma
|