Jump to content
Tuts 4 You

Locating SSL_Write and SSL_Read


whoknows

Recommended Posts

plainsec.org/man-in-the-browser-in-google-chrome-part-2-locating-ssl-write-and-ssl-read/

 

bonus

delete ur tweets - github.com/micahflee/semiphemeral

KeePass 2.46 - frm48 - password manager supports FTP, HTTP, and WebDAV protocols by default - ghacks.net/2020/09/11/password-manager-keepass-2-46-has-been-released/

Huawei’s HarmonyOS is now open source - openharmony.gitee.com/openharmony

Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS - raccoon-attack.com

Edited by whoknows
add Raccoon
Link to comment

I've had this for Edge, Chrome, FF, and Safari for years. You just find where they process the buffer for static or dynamic TLS lib and dump it or write it. Botnet malware has been doing MITB for decades.

 

Password managers you just poll UI callbacks or thread-input and test against storage; even if they have a U2F etc..

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...