Re: Re: SSL Encryption


#6692

Vadim Smirnov
Moderator

SSL encryption is implemented in user mode above the Winsock layer, so there is no way for the driver to intercept unencrypted data.

Interception of unencrypted data is still possible, but it is very specific to the particular application. Some applications use the Microsoft SSL crypto provider implemented in secur32.dll, and in order to intercept unencrypted data you have to inject your own DLL into the target process and hook SPI functions between the application and secur32.dll:

InitializeSecurityContext
AcceptSecurityContext
DecryptMessage
EncryptMessage
DeleteSecurityContext

Another possibility commonly used in Windows is the OpenSSL library; the solution is similar, but another set of functions has to be hooked. Custom SSL libraries or other methods of traffic encryption may require different methods.
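
As an added illustration (not part of the original post), this is what code working below Winsock can still recover from an SSL/TLS stream: the record headers, with the application data itself remaining opaque ciphertext. The function name `tls_summarize`, the `tls_summary` struct and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* TLS record content types (RFC 5246, section 6.2.1). */
enum { TLS_CCS = 20, TLS_ALERT = 21, TLS_HANDSHAKE = 22, TLS_APPDATA = 23 };

typedef struct {
    size_t records;      /* complete records seen */
    size_t handshake;    /* handshake records */
    size_t appdata;      /* application_data records */
    size_t opaque_bytes; /* application_data payload bytes: ciphertext at this layer */
    size_t leftover;     /* bytes of a record that continues in a later segment */
} tls_summary;

/* Walk the TLS records in a reassembled TCP payload as a packet-level filter
 * sees them. Returns 0, or -1 if the bytes do not look like TLS records. */
int tls_summarize(const uint8_t *buf, size_t len, tls_summary *out)
{
    size_t off = 0;
    *out = (tls_summary){0};
    while (len - off >= 5) {                    /* 5-byte record header */
        uint8_t type = buf[off], major = buf[off + 1];
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (type < TLS_CCS || type > TLS_APPDATA || major != 3) return -1;
        if (rlen > 16384 + 2048) return -1;     /* TLS 1.2 ciphertext limit */
        if (len - off - 5 < rlen) break;        /* record is incomplete */
        out->records++;
        if (type == TLS_HANDSHAKE) out->handshake++;
        if (type == TLS_APPDATA) { out->appdata++; out->opaque_bytes += rlen; }
        off += 5 + rlen;
    }
    out->leftover = len - off;
    return 0;
}

/* Constructed sample: handshake record, one full and one partial application_data record. */
static const uint8_t SAMPLE[] = {
    0x16, 0x03, 0x03, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00,
    0x17, 0x03, 0x03, 0x00, 0x08, 0x9c, 0x41, 0xe7, 0x02, 0x5b, 0xd0, 0x3a, 0x77,
    0x17, 0x03, 0x03, 0x00, 0x20, 0xaa, 0xbb, 0xcc };

int main(void)
{
    tls_summary s;
    if (tls_summarize(SAMPLE, sizeof SAMPLE, &s) != 0) return 1;
    printf("records=%zu handshake=%zu appdata=%zu opaque=%zu leftover=%zu\n", s.records, s.handshake, s.appdata, s.opaque_bytes, s.leftover);
    return 0;
}
```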