Skype Message Editor is a simple program that sends a custom-crafted POST request to the skype and tricks it into changing another's user message
Please keep in mind that this should ONLY be used to test the vulnerability and you should not modify any messages without the explicit permission of the other person
Instructons on how to use it:
-
Download Fiddler (http://www.telerik.com/download/fiddler)
-
Open it
-
Enable HTTPS Capture (Tools -> Fiddler Options -> HTTPS -> Check Capture HTTPS connects and Decrypt HTTPS traffic) (If you see any warnings click YES on everything)
-
Login with your skype on web.skype.com
-
Send a message to a chat/user
-
Go back to fiddler and press CTRL + F and type the message you sent
-
You should see 2 results select the second one
-
Right click on it and select Copy -> Just URL
-
Paste it into the program where it says "Request URL"
-
On the side select Inspectors -> Headers and find RegistrationToken
-
Right click it -> Copy value only
-
Paste it into the program where it says "Registration Token"
-
Go back to the web skype and highlight the message you want to edit by double clicking it
-
Open up inspect element and you should see id="msg_*********************" copy it
-
Paste it into the program where it says "Message ID" (The program will remove the msg_ part)
-
Type the message you want into the program and click Send ;)
-
Thats it! :)
This just shows how unsecure skype is.. MICROSOFT PLEASE FIX!