Thread: Chrome Form Grabber

Results 21 to 30 of 42

  1. #21
    Junior Member
    Join Date May 2011
    Posts 7
    DADA1C7, what do you mean? Can you elaborate please?
  2. #22
    Ntoskrnl
    Senior Member
    Join Date Jun 2014
    Posts 143
    > DADA1C7, what do you mean? Can you elaborate please?

    SPDY is a protocol used to compress HTTP headers, it's used by some sites like Google and Facebook. They're not encrypted, just compressed.
    irc.malwaretech.com
  4. #23
    Junior Member
    Join Date Jul 2014
    Posts 11
    > I'm not lamer like u this code will be trash when chrome got update, I don't have to time write it via delphi, understand lame?

    How come he is the lamer? He is actually the person who helped others instead of begging for code.
    "I don't have time" - lol.
  5. #24
    Senior Member
    Join Date Apr 2009
    Posts 329
    Firstly the ZwReadFile hook code will only work on your OS version. The syscall index isn't guaranteed to be the same over various OS versions or even architectures.
    Then you should have your code that hooks ZwReadFile make it first call a fixup function so you don't need the inline asm but that's a style issue.
    Naming sucks as well. _cChromeZwReadFile()? Why not hooked_ZwReadFile()? Or Chrome::hooked_ZwReadFile() (Yes that is a namespace)
    Then that EDI thing is not needed.
    I guess cChromeReadFile (horrible name) is a global variable and so this code won't be thread safe (I have to admit that I don't know whether chrome uses multiple threads for network request or not)

    > Afaik post data ends with a single \r\n.

    Not for multipart encoding. (And obviously not for anything homecooked - e.g. ZeuS protocol. What I'm saying is that POST data has no fixed layout)

    > Is there any way to avoid it?

    yes. Do your shit right.

    > ReadProcessMemory?
    > memcmp?

    I can't imagine a scenario where those two would help. Learning to debug however would certainly.

    > this code will be trash when chrome got update

    Find something (for example with the search function here) that won't just get trashed
    ERROR_INTERNET_INSERT_CDROM
  7. #25
    Junior Member
    Join Date Jul 2014
    Posts 4
    Do you guys know what function should be hooked to work in webinjects? I mean, control the html code (view/edit) in Chrome.
  8. #26
    Junior Member
    Join Date Jul 2014
    Posts 11
    > Firstly the ZwReadFile hook code will only work on your OS version. The syscall index isn't guaranteed to be the same over various OS versions or even architectures.
    > Then you should have your code that hooks ZwReadFile make it first call a fixup function so you don't need the inline asm but that's a style issue.
    > Naming sucks as well. _cChromeZwReadFile()? Why not hooked_ZwReadFile()? Or Chrome::hooked_ZwReadFile() (Yes that is a namespace)
    > Then that EDI thing is not needed.
    > I guess cChromeReadFile (horrible name) is a global variable and so this code won't be thread safe (I have to admit that I don't know whether chrome uses multiple threads for network request or not)
    >
    > Not for multipart encoding. (And obviously not for anything homecooked - e.g. ZeuS protocol. What I'm saying is that POST data has no fixed layout)
    >
    > yes. Do your shit right.
    >
    > I can't imagine a scenario where those two would help. Learning to debug however would certainly.
    >
    > Find something (for example with the search function here) that won't just get trashed

    I appreciate these tips.
  9. #27
    Junior Member
    Join Date Jul 2014
    Posts 8
    > Do you guys know what function should be hooked to work in webinjects? I mean, control the html code (view/edit) in Chrome.

    recv (WSARecv in older versions)
  10. #28
    Ntoskrnl
    Senior Member
    Join Date Jun 2014
    Posts 143
    > recv (WSARecv in older versions)

    lolz
  12. #29
    Junior Member
    Join Date Jul 2014
    Posts 4
    > recv (WSARecv in older versions)

    Humm.. I use the latest version, and WSARecv doesn't get called, but recv yes. Hooking this function and saving logs, the maximum I got was headers, but no html content. I created a local file with 'Hi' in the html body, and opened it while hooking this function, no logs were created. I don't think HTML content goes through this function...
  13. #30
    Junior Member
    Join Date Jul 2014
    Posts 4
    Doing some tests I got a strange result hooking recv. Looks like some websites' code goes through this, other ones don't. I can't understand what's the logic behind this, why does google chrome use recv for some sites only? It's senseless... For 10 websites, I get the html content for 4. Where are the other 6 that just don't appear in the log? I'm confused.
