ReHIPS forum

English Subforum => Developers' Blog => Topic started by: fixer on December 07, 2017, 01:01:03 pm

Title: [Feature] Chrome and cookies
Post by: fixer on December 07, 2017, 01:01:03 pm
When ReHIPS rules are installed, some folders and registry keys may be copied from the real user environment into the isolated user environment. Why? You can read about it here under the Special Folders paragraph. So the physical file with Chrome cookies is also copied. But isolated Chrome from about version 33 will fail to use these copied cookies. The issue is that from that version Chrome started to use cookie encryption/decryption (I think for security reasons, to mitigate the cookie-stealing threat) using the CryptProtectData/CryptUnprotectData functions. These functions are bound to the user who calls them. Thus cookies are encrypted by the real user but decrypted by the isolated user, leading to incorrect decryption and failure to use the cookies. In low-level detail, the decrypt request goes to the lsass process, which does the decryption using a hash from user-bound data.
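
The user binding described above can be reproduced with a constructed test value, as an added example that is not part of the original post or of ReHIPS. It uses .NET's `ProtectedData` class, which wraps CryptProtectData/CryptUnprotectData; the script assumes Windows PowerShell 5.1, and `$BlobPath` is a hypothetical location that both accounts can read and the first one can write.

```powershell
# Added example: shows that a DPAPI blob is bound to the user who created it.
# Assumptions: Windows PowerShell 5.1; $BlobPath is a hypothetical path readable
# by both the real and the isolated account. The secret is a constructed value.
param([string]$BlobPath = "$env:PUBLIC\dpapi-demo.bin")

Add-Type -AssemblyName System.Security
$scope = [System.Security.Cryptography.DataProtectionScope]::CurrentUser
$me    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

if (-not (Test-Path $BlobPath)) {
    # First run (real user): encrypt a sample value under this user's DPAPI keys.
    $plain = [System.Text.Encoding]::UTF8.GetBytes("constructed-sample-value|owner=$me")
    $blob  = [System.Security.Cryptography.ProtectedData]::Protect($plain, $null, $scope)
    [System.IO.File]::WriteAllBytes($BlobPath, $blob)
    Write-Output "[$me] wrote $($blob.Length)-byte protected blob to $BlobPath"
    return
}

# Later run: the blob file is the same bytes no matter who reads it, like the
# copied cookies file. Only the user who called Protect can Unprotect it.
$blob = [System.IO.File]::ReadAllBytes($BlobPath)
try {
    $plain = [System.Security.Cryptography.ProtectedData]::Unprotect($blob, $null, $scope)
    Write-Output "[$me] decrypted OK: $([System.Text.Encoding]::UTF8.GetString($plain))"
} catch {
    # Expected when the caller is not the user who encrypted the blob.
    Write-Output "[$me] decryption failed: $($_.Exception.Message)"
}
```

Run it once as the real user to create the blob, then again as the real user and as a different account: the first decrypts, the second reports a failure even though it can read the file.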