Thread: Unsent post recovery

Introduction

Today such a story happened to me...
I was typing a large post tap...tap...tap and it really took much time and some effort. When I pressed "Submit" I saw the following screen:



I sometimes see messages like this in some forums when session was closed or autologout happened or such. But when I go back I usually see the previous page with my message typed in the field. But this time I saw an empty quick-reply field. Yeah, shit happens!
Lazy as a real programmer I didn't dream about typing everything once more. I went forward and returned to the screen above. Tried to F5 but it was unsuccessfully - I saw that page again. However when I pressed "Refresh" Firefox shown the dialog with offer to repeat data upload. Who uses Firefox might know that such a window appears when browser stored search query / message to send / other stuff. So my message is not lost!

Now I'll tell you the story "How I restored super-mega-important info"...

Solution

First of all I was lack of some tool - it is a sniffer! I have googled and downloaded the first one that was free. It appeared to be "IP Sniffer". You can find it here: Erwan's Lab or use any other you love. On launch you see the main window where top left part is table of IP frames, bottom left is frame viewer and right one is header info.



First select correct IP of the interface corresponding to your Internet access. In my case it is private IP, so I don't need to paint it over - envy me guys (yeah, I've just found the advantage of private IP)!
Now let's learn IP address for the site that produced the problem. It was... well, I think you know it yourself. It can be done with a lot of ways. I'll do it in IP Sniffer. Tools => DNS => Local Resolver and you are ready to input site address.



Now we know IP and can filter IP frames by IP destination. Click "Filters" button (right to your IP address) and fill the field "IP Destination" with site IP. Can't do it? Use "+"!





Click "OK" and run listening by pressing "Start" button. Now return to the browser and refresh the page approving resending data. Alttab back to sniffer and stop process. Now feel yourself a hacker and begin looking for frames with useful data, top to bottom. When found select (see screenshot) and copy it with Edit => Copy selection (text).



Paste it in your favorite text editor. There can be some trash symbols in the end - delete them. If your epistle was as much as my one you'll have to repeat operations with several next frames concatenating text in editor.



Your experienced hacker's eye of course noted that something is wrong with text! Yeah, after sniffing a real hacker must decrypt data! I'll help you! Try some replaces like:
'+' => ' '
'%2C' => ','
'%28' => '('
'%29' => ')'
':' => '.'
'%3Cbr%3E' => '\n' (line breaks should be replaced in Esc-sequences mode)
... and so on.

After that text must look nice. It is done!

Message to you

I am not sure this "tutorial" can really be useful, but I hope I made you smile.
Just for fun, guys!

This tutorial is several levels above my pay grade.

If you are running Windows, you can utilize my non-hackeresque solution--the Ditto clipboard enhancer, which is free and available here: Ditto clipboard manager. Just a simple three mouse clicks to select all text, then Ctrl-C when you are finished a long post or if the system logs you out in the middle of a magnum opus. Your work is then saved and available for easy access later--the classic ounce of prevention, pound of cure cost/benefit analysis applies here. Also a very handy program if you work the intro section for quick cut and pasting of common replies or rep in messages.

I appreciate your advice but in my case it wouldn't work as the program must be installed before an incident. Actually it was enough just to copy the post to the buffer before submitting, but I didn't.
Howbeit don't take this tutorial too seriously :001_smile: