X-Powered-By: ASP.NET in header. What does the file say?
I have been using Wireshark and I noticed that my plugin seems to track down everything I do. I would like to see what it is sending back.
http://dynamic.hotbar.com/dynamic/hotbar/disp/3.0/sitedisp.dll?GetSDF&Dom=usinsuranceonline.com&Path=&SiteVer=0
content looks something like:
Headers:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 19 May 2011 05:40:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 90
Content-Type: app/x-hotbar-xip20
Expires: 0
Content:
XIP_2.0|1.SDF|67|70|xŚˇ334‹330±00ąr+-ĪĢ+.-JĢKNĶĻĖÉĢKÕKĪĻ¨3ä ¨Ó¸3©Õ5ār‘qŁ©•åłE)Å\Č#
When I try to open it, it downloads me a sitedisp.dll file which does not say anything. How can I open/decode this type of file?
It seems to connect to an IE plugin.
If it is a .NET dll, you can see its contents quite easily with Reflector.
http://reflector.red-gate.com/download.aspx?TreatAsUpdate=1
That said, the Hotbar terms of service appear to explicitly say you shall not decompile or reverse engineer the product... The message does appear to be encrypted in some way, as Tony mentioned. Depending on the scheme they used, it may be terribly difficult to see the contents in clear text, and since you're not supposed to be reverse engineering it, I vote that you just delete the program from your machine entirely and move on to something else.
sitedisp.dll is a DLL file, which means it's a binary which contains executable code. Opening it will probably not teach you much unless you know Assembler or, if it's a .NET DLL, Intermediate Language. The data which is sent back to the server is not going to be part of that DLL.
It looks like this: xŚˇ334‹330±00ąr+-ĪĢ+.-JĢKNĶĻĖÉĢKÕKĪĻ¨3ä ¨Ó¸3©Õ5ār‘qŁ©•åłE)Å\Č# could be the data in some encrypted form; however, I'm not sure.
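Added example, not part of the original question or answers: a quick way to test whether a payload framed like the one in the question is zlib-compressed rather than encrypted, before spending time on the DLL. It assumes the visible prefix is four '|'-terminated fields (tag, name, two lengths) followed by the binary body; that layout, the function names and the sample message are assumptions, and the sample is constructed because the captured bytes above were rendered as text and cannot be recovered byte for byte.

```python
import zlib

def build_sample(name: bytes, body: bytes) -> bytes:
    """Constructed test message in the assumed layout (not captured data)."""
    packed = zlib.compress(body)
    return b"XIP_2.0|%s|%d|%d|" % (name, len(packed), len(body)) + packed

def split_envelope(raw: bytes):
    """Separate the four '|'-terminated text fields from the binary payload."""
    parts = raw.split(b"|", 4)  # maxsplit: the payload may contain '|' bytes
    if len(parts) != 5 or not parts[0].startswith(b"XIP_"):
        raise ValueError("not an XIP-style envelope")
    tag, name, len_a, len_b, payload = parts
    return tag.decode(), name.decode(), int(len_a), int(len_b), payload

def looks_like_zlib(payload: bytes) -> bool:
    """RFC 1950 header test: deflate method, window <= 32K, FCHECK valid."""
    if len(payload) < 2:
        return False
    cmf, flg = payload[0], payload[1]
    return (cmf & 0x0F) == 8 and (cmf >> 4) <= 7 and ((cmf << 8) | flg) % 31 == 0

def inspect_envelope(raw: bytes) -> dict:
    """Report what the envelope holds; 'data' stays None if not zlib."""
    tag, name, len_a, len_b, payload = split_envelope(raw)
    report = {"tag": tag, "name": name, "zlib": False, "data": None,
              "lengths_match": False}
    if looks_like_zlib(payload):
        try:
            data = zlib.decompress(payload)
        except zlib.error:
            return report  # header matched by chance; treat as opaque
        report.update(zlib=True, data=data,
                      lengths_match=(len(payload), len(data)) == (len_a, len_b))
    return report

if __name__ == "__main__":
    sample = build_sample(b"1.SDF", b"constructed descriptor text\r\n")
    print(inspect_envelope(sample))
    print(inspect_envelope(b"XIP_2.0|1.SDF|4|4|\x00\x01\x02\x03"))
```

To use it on real traffic, feed it the raw response body exported from the capture as bytes, not text copied from a viewer.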