Hooking the Https encryption
Hi
I would like to know what DLL function deals with the HTTPS encryption so I can hook it.
I used to hook the send() function from ws2_32.dll and filter data, but with an HTTPS connection the data is encrypted, so I need to hook the encrypting function. Where is it? What is its name?
Re: Hooking the Https encryption
What are you trying to accomplish?
Re: Hooking the Https encryption
I'm trying to filter some words.
I used to hook the send() function from ws2_32.dll, but it does not work with an HTTPS connection since the data is encrypted.
Re: Hooking the Https encryption
Generally things that encrypt data are intending to prevent you from seeing what it is. Most of us aren't inclined to help anyone bypass such measures without more of an explanation.
Re: Hooking the Https encryption
Quote: Originally Posted by Lindley
Generally things that encrypt data are intending to prevent you from seeing what it is. Most of us aren't inclined to help anyone bypass such measures without more of an explanation.
I already explained what I was trying to do twice....
I need to make an application which replaces a given word with another one.
I used to hook the send() function and it was working great, but I recently noticed that it does not work when it comes to HTTPS.
Where is the evil in me hooking an HTTPS encrypting function on my computer?
Re: Hooking the Https encryption
Quote: Originally Posted by Usopp
Where is the evil in me hooking an HTTPS encrypting function on my computer?
On your computer? I suppose none.
On someone else's computer? Unquantifiable.
Therein lies the problem.
Re: Hooking the Https encryption
Quote: Originally Posted by Chris_F
On your computer? I suppose none.
On someone else's computer? Unquantifiable.
Therein lies the problem.
Can't see how you can allow yourself to take part in a discussion to call someone malicious or a robber.
By the way, I'm totally sure you don't have any clue about how to resolve this issue.
Re: Hooking the Https encryption
TBH, there's nothing "wrong" in the question, getting to a point where you could even get code to execute hooking already means you've managed to get into controlling every aspect of the machine.
If you'd done a little bit of work, you would have figured out on your own that what you need is CAPI or the Crypto API, or in the case of Vista and later CNG (CAPI next generation).
What you ask isn't going to work however. The crypto uses a PRK. And you don't have the decryption key.
Re: Hooking the Https encryption
Quote: Originally Posted by Usopp
Can't see how you can allow yourself to take part in a discussion to call someone malicious or a robber.
Even if you have nothing but good intentions keep in mind that this site is public. If a solution to your issue is posted it's also usable for all and everyone with malicious intents.
Posting some pissed-off comments won't do you any good either; this site is populated with grown-up people that actually do get a good night's sleep even though some stranger on the net posts bad stuff.
Re: Hooking the Https encryption
Quote: Originally Posted by S_M_A
Even if you have nothing but good intentions keep in mind that this site is public. If a solution to your issue is posted it's also usable for all and everyone with malicious intents.
Posting some pissed-off comments won't do you any good either; this site is populated with grown-up people that actually do get a good night's sleep even though some stranger on the net posts bad stuff.
You should keep your selective and sententious moralizing "stuff" for those not so grown-up people like Chris_F who come into a topic to assault the original poster, calling them a thief without any good reason. Once you do that, you can go to bed.
Re: Hooking the Https encryption
Quote: Originally Posted by OReubens
TBH, there's nothing "wrong" in the question, getting to a point where you could even get code to execute hooking already means you've managed to get into controlling every aspect of the machine.
If you'd done a little bit of work, you would have figured out on your own that what you need is CAPI or the Crypto API, or in the case of Vista and later CNG (CAPI next generation).
What you ask isn't going to work however. The crypto uses a PRK. And you don't have the decryption key.
I'm not about to decrypt, but to hook the encrypting function, and then let the encrypting function do its job.
I'm on Windows XP, not Vista.
Re: Hooking the Https encryption
Quote: Originally Posted by Usopp
like Chris_F who come into a topic to assault the original poster, calling them a thief
Now you're putting words in my mouth. If that's how you want to interpret it, then by all means. I won't lose any sleep just because you got easily offended.
Nobody wants to help publish code whose only function is to circumvent something which is intended to make important web connections secure.
I don't want to have my CC numbers stolen just because some 14 year old blackhat finds your post on this site and copies the solution into his next worm.
Re: Hooking the Https encryption
And like Chris_F I'm about to get my unrestless sleep knowing that CG has not provided a code example that could have a bad impact on my everyday net browsing.
Re: Hooking the Https encryption
I've been on CG for over 10 years, and I've noticed that without exception, the person on CG asking for this type of "help" always has fewer than 20 posts to their name. I wonder why that is? You never see posters who have a posting history here ever ask these types of questions.
Just an observation.
Regards,
Paul McKenzie
Re: Hooking the Https encryption
The reason is obvious. They don't get a response they can use, so never come back. They got here because it's a programming forum and they have a question. When do you look for help? When you have something you can't solve. I'm pretty sure that the vast majority of the "suspicious" questions of this type of nature on here are in fact perfectly valid ones. Quite often people will think they need to hook/intercept something when there's really a much better way to do what they want to achieve. If it's an HTTP stream, it makes me wonder why a BHO that taps into the DHTML DOM wouldn't do exactly what the poster wants. Potentially just even patching in some JScript via a shortcut link could already do what the poster wants.
There are more than enough sites out there that do provide in-depth details about stuff like hooking, intercepting, disassembly, reverse engineering and all that "ooh scary" stuff.
I frequent several of them myself, and even there I can say hand on heart that 95% of the questions and intent is perfectly "legit". I'm not claiming the other 5% isn't, it's just not always clear by the question why/what the poster really has in mind. Quite often questions are asked there in somewhat obscure/covered intent because there's often serious business security involved. A lot of the guys on there aren't "crackers", they're the security guys trying to work against them; you can't defend against that which you don't know. Sometimes you do have to try and attack your own code in order to see where the weak points are.
What I said before is 100% true. If someone has already gotten to the point where they could have some of their code hook something like the HTTPS stream, you have MUCH MUCH bigger things to worry about than that.