whoknows Posted September 11, 2020 Share Posted September 11, 2020 (edited) plainsec.org/man-in-the-browser-in-google-chrome-part-2-locating-ssl-write-and-ssl-read/ bonus delete ur tweets - github.com/micahflee/semiphemeral KeePass 2.46 - frm48 - password manager supports FTP, HTTP, and WebDAV protocols by default - ghacks.net/2020/09/11/password-manager-keepass-2-46-has-been-released/ Huawei’s HarmonyOS is now open source - openharmony.gitee.com/openharmony Raccoon is a timing vulnerability in the TLS specification that affects HTTPS and other services that rely on SSL and TLS - raccoon-attack.com Edited September 12, 2020 by whoknows add Raccoon Link to comment Share on other sites More sharing options...
chickenbutt Posted September 11, 2020 Share Posted September 11, 2020 I've had this for Edge, Chrome, FF, and Safari for years. You just find where they process the buffer for static or dynamic TLS lib and dump it or write it. Botnet malware has been doing MITB for decades. Password managers you just poll UI callbacks or thread-input and test against storage; even if they have a U2F etc.. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now