HackerTrans
TopNewTrendsCommentsPastAskShowJobs

reeeeaway

no profile record

Submissions

[untitled]

1 points·by reeeeaway·hace 2 meses·0 comments

comments

reeeeaway
·hace 2 años·discuss
Alternatively, give frida a go. It handles all the hard parts for you magically and then you get to instrument the binary with Javascript :) mixing dynamic and static techniques is really powerful
reeeeaway
·hace 2 años·discuss
On newer versions of android it can be hard to install a root cert and trust it; mitmproxy and httptoolkit both have some great guides though. On iOS its easier - but yeah unfortunately/fortunately certificate pinned applications wont work

Depending on how much time you are willing to put in you could create a list of apps that dont PIN and selectively MiTM apps that dont
reeeeaway
·hace 2 años·discuss
Certificate pinning perhaps?
reeeeaway
·hace 2 años·discuss
The method doAppendEscapeLiteral (Line 66) is a good example; https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main...

I didn’t take notes all the way down, but at the end of the day this method is invoked when a prepared statements’ parameters are being bound
reeeeaway
·hace 2 años·discuss
Looking at the postgres JDBC source, it sanitizes parameters when prepared statements and parameterization is used. Different implementations may do different things here though