HackerTrans
TopNewTrendsCommentsPastAskShowJobs

reeeeaway

no profile record

Submissions

[untitled]

1 points·by reeeeaway·2 miesiące temu·0 comments

comments

reeeeaway
·2 lata temu·discuss
Alternatively, give frida a go. It handles all the hard parts for you magically and then you get to instrument the binary with Javascript :) mixing dynamic and static techniques is really powerful
reeeeaway
·2 lata temu·discuss
On newer versions of android it can be hard to install a root cert and trust it; mitmproxy and httptoolkit both have some great guides though. On iOS its easier - but yeah unfortunately/fortunately certificate pinned applications wont work

Depending on how much time you are willing to put in you could create a list of apps that dont PIN and selectively MiTM apps that dont
reeeeaway
·2 lata temu·discuss
Certificate pinning perhaps?
reeeeaway
·2 lata temu·discuss
The method doAppendEscapeLiteral (Line 66) is a good example; https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main...

I didn’t take notes all the way down, but at the end of the day this method is invoked when a prepared statements’ parameters are being bound
reeeeaway
·2 lata temu·discuss
Looking at the postgres JDBC source, it sanitizes parameters when prepared statements and parameterization is used. Different implementations may do different things here though