Man-in-the-Browser in Google Chrome: Part 2 – Locating SSL_Write and SSL_Read

This second part of the Chromium Man-in-the-Browser series will take into consideration higher level wrappers such as SSL_Write and SSL_Read which are targeted by attackers to tamper secure SSL/TLS communications, respectively, before they get encrypted and after they get decrypted. Targeting those wrappers in favour of lower-level ones discussed in part 1 have proved to be a successful strategy for malware developers as the SSL VMT structure can change at any time, making automatic lookup ineffective. The order of the methods contained in it can change, methods can be replaced…

Read More