OpenSC - Security Research and Development Forum -

Post #21
Junior Member
DADA1C7, what do you mean? Can you elaborate, please?

Post #22
Senior Member Ntoskrnl
Quote Originally Posted by esperanto
DADA1C7, what do you mean? Can you elaborate, please?
SPDY is a protocol used to compress HTTP headers; it's used by some sites like Google and Facebook. They're not encrypted, just compressed.
    OpenSC IRC: irc.malwaretech.com #main


Post #23
Junior Member
Quote Originally Posted by unnamed
I'm not a lamer like you; this code will be trash when Chrome gets updated. I don't have time to write it via Delphi, understand, lame?
How come he is the lamer? He is actually the person who helped others instead of begging for code.
    "I don't have time" - lol.

Post #24
Senior Member
Firstly, the ZwReadFile hook code will only work on your OS version. The syscall index isn't guaranteed to be the same across various OS versions or even architectures.
Then you should have your code that hooks ZwReadFile first call a fixup function so you don't need the inline asm, but that's a style issue.
Naming sucks as well. _cChromeZwReadFile()? Why not hooked_ZwReadFile()? Or Chrome::hooked_ZwReadFile() (yes, that is a namespace).
Then that EDI thing is not needed.
I guess cChromeReadFile (horrible name) is a global variable, and so this code won't be thread-safe (I have to admit that I don't know whether Chrome uses multiple threads for network requests or not).

Quote Originally Posted by Ntoskrnl
AFAIK POST data ends with a single \r\n.
Not for multipart encoding. (And obviously not for anything home-cooked, e.g. the ZeuS protocol. What I'm saying is that POST data has no fixed layout.)

Quote Originally Posted by WormFC1
Is there any way to avoid it?
Yes. Do your shit right.

Quote Originally Posted by WormFC1
ReadProcessMemory?
memcmp?
I can't imagine a scenario where those two would help. Learning to debug, however, certainly would.

Quote Originally Posted by unnamed
    this code will be trash when chrome got update
    Find something (for example with the search function here) that won't just get trashed
    ERROR_INTERNET_INSERT_CDROM

Post #25
Junior Member
Do you guys know what function should be hooked to work in webinjects? I mean, control the HTML code (view/edit) in Chrome.

Post #26
Junior Member
Quote Originally Posted by wacked
Firstly, the ZwReadFile hook code will only work on your OS version. The syscall index isn't guaranteed to be the same across various OS versions or even architectures.
Then you should have your code that hooks ZwReadFile first call a fixup function so you don't need the inline asm, but that's a style issue.
Naming sucks as well. _cChromeZwReadFile()? Why not hooked_ZwReadFile()? Or Chrome::hooked_ZwReadFile() (yes, that is a namespace).
Then that EDI thing is not needed.
I guess cChromeReadFile (horrible name) is a global variable, and so this code won't be thread-safe (I have to admit that I don't know whether Chrome uses multiple threads for network requests or not).

Not for multipart encoding. (And obviously not for anything home-cooked, e.g. the ZeuS protocol. What I'm saying is that POST data has no fixed layout.)

Yes. Do your shit right.

I can't imagine a scenario where those two would help. Learning to debug, however, certainly would.

    Find something (for example with the search function here) that won't just get trashed
I appreciate these tips.

Post #27
Junior Member
Quote Originally Posted by backb0ne
Do you guys know what function should be hooked to work in webinjects? I mean, control the HTML code (view/edit) in Chrome.
    recv (WSARecv in older versions)

Post #28
Senior Member Ntoskrnl
Quote Originally Posted by pandemiya
    recv (WSARecv in older versions)
    lolz

Post #29
Junior Member
Quote Originally Posted by pandemiya
recv (WSARecv in older versions)
Hmm... I use the latest version, and WSARecv doesn't get called, but recv does. Hooking this function and saving logs, the most I got was headers, but no HTML content. I created a local file with 'Hi' in the HTML body and opened it while hooking this function; no logs were created. I don't think HTML content goes through this function...

Post #30
Junior Member
Doing some tests, I got a strange result hooking recv. It looks like some websites' code goes through this, others' doesn't. I can't understand the logic behind this; why does Google Chrome use recv for some sites only? It's senseless... For 10 websites, I get the HTML content for 4. Where are the other 6 that just don't appear in the log? I'm confused.
