[injectable-windowsSchannel] Could not find function EncryptMessage

[absane]

Within a fresh Windows VM with the latest updates, I installed Python 3 and Frida. When I try to inject into any process, I get the following:

C:\Users\IEUser\Desktop\DatajackProxy-master>python DataJackProxy.py -o windows -p 4840
[*] Attaching to 4840
[injectable-windowsSchannel] Could not find function EncryptMessage
[injectable-windowsSchannel] Could not find function DecryptMessage

Not sure if I am missing something.

[calebwatt15]

So in the current version this works by looking for the SChannel functions EncryptMessage and DecryptMessage. These errors mean that those functions were not found in that process.

I've usually seen this when the target process uses something other than SChannel to perform TLS. For instance most major web browsers implement TLS via their own separate libraries.

If that's not the case, please let me know what the target app is or provide more detailed reproduction steps.

[absane]

Thank you for the quick response! I've tried against ip2launcher.exe (Java Web Start) and the binary from UserBenchmark.com (benchmarking tool), and MediaCreationToolx64.exe (Windows installer). I did try Firefox and some other browsers, but like you mentioned they use a custom implementation of TLS so they won't work.

Unfortunately, I don't have many binaries I could test with off hand. I just wanted to test out this project in case it's helpful for any upcoming engagements. Do you happen to know of any, maybe a native Windows binary, I could test?

[calebwatt15]

Sure! I've tested it specifically on OUTLOOK.exe. Outlook sends oauth2 tokens to login.windows.net periodically. I've used this to intercept and modify those.

python DatajackProxy.py -o windows -n OUTLOOK.exe

As for other TLS libraries, I hope to add support for the more popular ones in the coming months (time permitting.)

[absane]

Thank you very much for your time :)