Curiosity is bliss    Archive    Feed    About    Search

Julien Couvreur's programming blog and more

SSL sniffing on the client

 

The german TecChannel site has written a SSL sniffing utility for windows (called tecDump) that uses undocumented hooks in wininet. They used it to analyze the communication between the windows update agent and the server, and find that some of the data sent by the client don't quite respect your privacy.
Here are the page in german and the page translated through Google.

But what I find intriguing is the API they used.
The article mentions hooks related to the HttpOpenRequest() and InternetWriteFile() calls in the wininet layer, but I haven't been able to find mention of these undocumented hooks on other sites or even download their tecDump program (registration is required to do so), to reverse engineer it.
So, if you have any pointers for the actual implementation of such a sniffer, please let me know ;-)

______________________________________
comments powered by Disqus