Grinder for Edge on Win10

Question

Grinder for Edge on Win10

Opened this issue 9 years ago · 14 comments

pyoor commented 9 years ago

Has anyone got a working stub for Edge on Win10?

Answer 1 · 2015-12-03T08:28:58.000Z

@pyoor I will be starting to write one now. Let me see how it works out.

Answer 2 · 2015-12-06T10:54:40.000Z

@hacksysteam I hope that You will succeed :)

Answer 3 · 2015-12-16T17:01:35.000Z

Latest Edge come with new mitigation that prevent inject unsigned DLL. Grinder logger works only with successful dll injection. This is a problem :(.
https://blogs.windows.com/msedgedev/2015/11/17/microsoft-edge-module-code-integrity/

Answer 4 · 2015-12-18T10:30:27.000Z

Can't you workaround this problem with some leaked code signing certs? (e.g. https://www.duosecurity.com/static/files/DellCertificates.zip)

Answer 5 · 2015-12-18T14:53:29.000Z

@v-p-b Nice. But how about self signed certificate and trusting the root CA?

Answer 6 · 2015-12-18T14:57:14.000Z

@hacksysteam Sounds good! Self-signed might be problematic but registering an internal CA seems like a universal solution.

Answer 7 · 2015-12-19T14:52:34.000Z

I've already tried to add a Root CA and signed the DLL. Windows 10 tells "This digital signature is OK", but still cannot inject to MicrosoftEdgeCP.exe. According to msedgedev blog, Edge uses enforcement in the kernel. Maybe have to look the kernel to see what happening.

Answer 8 · 2015-12-19T16:07:36.000Z

@ca0nguyen Quoting from MS Edge blog *"DLLs that are either Microsoft-signed, or WHQL-signed, will be allowed to load, and all others will be blocked." *. I guess we need to dig kernel then.

Answer 9 · 2015-12-19T17:36:43.000Z

@hacksysteam Thanks to point out. I missed that part and took hours to make signtool work. The more challenge now since I don't know much about kernel stuff.

Answer 10 · 2016-01-04T11:48:33.000Z

@ca0nguyen Now, that's a good thing. We can now inject grinder_logger in Edge

http://www.sekoia.fr/blog/microsoft-edge-binary-injection-mitigation-overview/

Answer 11 · 2017-03-25T16:35:51.000Z

@hacksysteam Did you manage to create a PoC for this? If I understand correctly this would require patching LoadLibrary() (with a kernel debugger perhaps?), no configuration option is available, right?

Answer 12 · 2017-03-26T04:01:52.000Z

@v-p-b unfortunately no. Currently I'm not fuzzing browsers. But with new mitigations in Edge, it would be hard to run this logger. However, I can not guarantee as I have not tested it.

Answer 13 · 2019-02-10T02:30:03.000Z

Can't you workaround this problem with some leaked code signing certs? (e.g. https://www.duosecurity.com/static/files/DellCertificates.zip)

Hi v-p-b, do you have that zip file still? I would like to use them. :-)

Answer 14 · 2019-02-10T02:31:48.000Z

DellCertificates.zip

Got it, never mind. https://duo.com/assets/files/DellCertificates.zip