Download from here https://www.digi77.com/ssl-eye-prism-protection/ and install

Customize websites to be checked
1. Navigate to installation folder, there is a text file with the name "SSL List All Types Samples.TXT"
2. Open it with Notepad, add your websites (see format examples below)
    www.digicert.com
    ssl.comodo.com
    https://www.strato.nl
    https://mail.ziggo.nl
3. Save as "My list of SSLs to be checked.TXT"
4. Move to SSL Eye installation folder

Run with customized websites
1. Run SSL Eye
2. Click on the tab Multiple Websites
3. Click on the plus-sign button in the options bar +Load
4. Load Websites screen appears, select tab Custom Websites
5. Click on button Load from file
6. A new screen appears, select tab Custom Websites
7. Open file dialog appears, open your customized text file "My list of SSLs to be checked.TXT"
8. Your list appears in the tab Custom Websites (see picture 1)
9. Click OK button (Load Website screen closes)
10. Click on the triangular play button in the options bar > Scan
11. SSL certs are checked and compared from several servers, this will take some time
12. Results are shown (see picture 2), matching certs are represented with checkmark sign

Picture 1
Picture 2

WHEN ALL SHOW OKAY CHECKMARKS, NOBODY IS IN BETWEEN YOU AND YOUR SECURE WEBSITE, SO NO MITM (MAN IN THE MIDDLE)
Combine it with SmartObjectBlocker to create an isolated browser session, see thread

To prevent browser changes and a MITB (MAN IN THE BROWSER) intrusion

Download and install SmartObjectBlocker, let's start with setting the ALLOW rules. You don't need to do this. It is just a precaution in case you mess up with the settings. It also is an opportunity to get used to changing the configuration rules (files). That is why the sequence of setting those configuration files is in a different order.

see picture below

Click on the ALLOW rules tab, Explorer folder view appears

Open DLL file with NOTEPAD and copy this to this config file

Allow Rules - DLL
    [%FILE%: *:\WINDOWS\*]
    [%FILE%: %PROGRAMFILES%*]
    [%FILE%: %PROGRAMFILESX86%*]

DRIVER db is already set to Windows, so does not need changing

Open PROCESS with NOTEPAD and copy this to this config file

Allow Rules - PROCESS
    [%PROCESS%: *:\WINDOWS\*]
    [%PROCESS%: %PROGRAMFILES%*]
    [%PROCESS%: %PROGRAMFILESX86%*]
Now click on Settings button, change the MODE section to this text. In behavioral mode, closing (Exit) SmartObjectBlocker from the tray icon will remove all limitations, because SmartObjectBlocker is not running anymore.

    [Mode]
    Type = Behavioral
    ProtectionDisabled = n
Now click on Exclude Rules button. In the Exclude rules only Windows signed executables and DLLs are allowed to run from Windows folder and Google signed executables from Chrome folder (DLL and Process sign are different: space versus dot). This will protect Chrome from the rest of the system (no Chrome alterations are allowed to make sure you start your banking session with a clean and hardened Chrome browser).

Open Exclude file with Notepad, change text to

    [%FILE%: %WINDOWS%*] [%PUBLISHER%: Microsoft Corporation]
    [%PROCESS%: %WINDOWS%*] [%PUBLISHER%: Microsoft Corporation]
    [%FILE%: %PROGRAMFILES%\Google\Chrome\Application\*] [%PUBLISHER%: Google Inc ]
    [%PROCESS%: %PROGRAMFILES%\Google\Chrome\Application\*] [%PUBLISHER%: Google Inc.]
    [%FILE%: %PROGRAMFILESX86%\Google\Chrome\Application\*] [%PUBLISHER%: Google Inc ]
    [%PROCESS%: %PROGRAMFILESX86%\Google\Chrome\Application\*] [%PUBLISHER%: Google Inc.]
Now click on Block Rules button

We are going to block all executables, to protect Chrome from the system and the system from other executables. As an extra we only allow Chrome parent process (broker) to spawn Chrome (no process with another name).

Open Block Rules - DLL and change text to
    [%FILE%: *]

Open Block Rules - Driver and change text to
    [%FILE%: *]

Open Block Rules - Process and change text to
    [%PARENT%: *\chrome.exe] [%PROCESS%: *]

You're done
Secure on-line banking
1. Run SSL Eye
2. Start SmartObjectBlocker
3. Open Chrome and do your secure transactions
4. Close Chrome
5. Close SmartObjectBlocker
As an extra you can install free Keyscrambler, to PREVENT KEYBOARD SNOOPING BY OTHER PROCESSES

1. Run SmartObjectBlocker
2. Start Chrome, SmartObjectBlocker will block it, see picture
3. Copy the full path of KeyscramblerIE.DLL from the LOG (in my case that is C:\Program Files\KeyScrambler\KeyScramblerIE.DLL)
4. Open Exclude Rules and add the following rule
    [%FILE%: C:\Program Files\KeyScrambler\KeyScramblerIE.DLL]
5. Exclude Rules should look like, note I am on x32 so I don't have C:\Program Files (x86)
6. Save Exclude Rules. UAC may prevent that, save them on desktop and replace old Exclude with Explorer.
7. Close Chrome and SmartObjectBlocker, open SmartObjectBlocker and Chrome, the log window should now stay blank

regards Kees
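The comparison SSL Eye is described as doing in the first part of this tutorial (the same site's certificate checked from several servers), as an added Python example that is not part of the original post and not SSL Eye's code. It parses the list-file formats shown there, fingerprints the certificate served to this machine, and compares it with fingerprints from other vantage points; the function names and the `remote_fps` input are assumptions.

```python
import hashlib
import socket
import ssl
from urllib.parse import urlsplit

# The four sample entries from the list file shown in the tutorial.
SAMPLE_LIST = """www.digicert.com
ssl.comodo.com
https://www.strato.nl
https://mail.ziggo.nl
"""

def parse_targets(text):
    """Turn list-file lines (bare host or https:// URL) into (host, port)."""
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = urlsplit(line if "://" in line else "https://" + line)
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError(f"not an HTTPS target: {line!r}")
        targets.append((parts.hostname.lower(), parts.port or 443))
    return targets

def fingerprint(der_cert):
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def fetch_local_fingerprint(host, port=443, timeout=10):
    """Fingerprint of the leaf certificate this machine is served."""
    ctx = ssl.create_default_context()
    # Validation is off only so a substituted certificate is observed and
    # fingerprinted rather than rejected; never reuse this context for data.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return fingerprint(tls.getpeercert(binary_form=True))

def compare(local_fp, remote_fps):
    """remote_fps: {vantage name: hex fingerprint}, gathered out of band (assumed)."""
    if not remote_fps:
        return "unknown", []
    differing = sorted(v for v, fp in remote_fps.items()
                       if fp.lower() != local_fp.lower())
    if not differing:
        return "match", []
    # All vantage points disagreeing with us is the interception signal; a split
    # usually means the site rotates or load-balances several certificates.
    status = "mismatch" if len(differing) == len(remote_fps) else "partial"
    return status, differing
```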
So your plug-ins and extensions installed in your browser are the only Achilles spot left, for Windows PRO owners this can be achieved through GPO (group policy).

Here is ADM template to lock download folder, plug-ins and extensions, save the text file in ANSI format with Notepad (name it Chrome_Lock.ADM)

For GPO to recognise it, it needs to have the extension ADM

Open Group Policy (run gpedit.msc), navigate to ADMINISTRATIVE TEMPLATES, right click and this will appear

Choose ADD/REMOVE template and open attached text file Chrome_Lock.ADM
Specify download directory

Specify enabled plug-ins, see picture

Specify whitelisted extensions (name is the same as in Chrome store, see picture and highlighted text)

The long name starting with bgnkhh.. is the name of the extension in the Chrome store

Now set disabled plugins and blacklisted extensions to value *

Congratulations, you now have an isolated and locked down Chrome, have fun

Regards Kees
Does SSL Eye view have any wildcard capability as far as URLs go? My bank site uses over 10 different SSL certificates; one per web page displayed. To cover my bank site would need something that allows URL specification such as "*.bankofamerica.com/*."
@itman I tried, did not seem to work with wildcards. Upside is that you need to configure it once to be sure your bank certs are okay and there is nobody intercepting communication.
@WildByDesign Thx, but better thank the developers for providing free tools which can be combined to craft a secure banking environment. I choose Keyscrambler, because it has an option to start with Windows, meaning it is also suited for on-demand usage, see picture (I don't like Zemana free injecting its DLL through file image execution option).
Thnx Kees. Nice on-demand Chrome hardening tutorial. Add control over scripts and other in-browser active content and all bases are covered.
@Minimalist, For on-line banking usage uBlock (default), Adblocker and Adguard will do. I think it is unlikely that banks would accept many third party scripts or would not monitor their flagship websites themselves. I know of a Dutch bank in the past which had a problem with injected script (and used a single challenge verification). So there is rationale in what you're saying, but I am reluctant to use script blocking (because it might interfere with your bookings). Regards
@Rasheed187, Just following the instructions should make it work (you don't need to be an engineer to be able to drive a car)
WoW! This stuff is right up my alley. Many thanks over again Kees for taking the effort to apply, test, and share a fantastic combo of this order!
Oh, just found out this thread, while looking for some SSleye topics, excellent one. Makes me eager to use SoB again lol.