|
|
|
|
|
|
by maldev
922 days ago
|
|
|
You can just hook the networking system calls and you have the unencrypted buffer. TLS encryption doesn't do anything since you can just look at it unencrypted on the network function when they pass in the buffer. If they encrypt before the network functions, you can just look at the callstack and trace the variable containing the buffer backwards until it's non encrypted. |
|
|