Window class names for more tools #1

Closed
puff opened this issue Aug 1, 2019 · 1 comment

puff commented Aug 1, 2019

x32/x64dbg use the same as IDA Pro (both are Qt applications, and this could cause a lot of false positives).

WindowsForms10.Window.8.app.0.2bf8098_r6_ad1 - Fiddler
Fiddler is a Windows Form, which means it shares a class name with a lot of other Windows Forms apps.
To bypass Fiddler, set the proxy to null before sending an HTTP request.

XTPMainFrame - HTTPDebugger
SunAwtFrame - Charles Web Debugging Proxy
These are also shared by other programs.

Using class names can cause a lot of false positives, though.

Owner

BaumFX commented Aug 2, 2019

I'd rather get a lot of false positives than have someone easily bypass it by just changing the process name or window title.

Of course you are right about the Qt window class name, but that's just how it is - I cannot change much about that without giving up some of the security.

The "SunAwtFrame" is already in the list because of the detection of Ghidra, I will add the "XTPMainFrame" in the next update (probably tomorrow).

Thank you for your suggestions.

BaumFX closed this as completed Aug 2, 2019