HackerTrans
TopNewTrendsCommentsPastAskShowJobs

reeeeaway

no profile record

Submissions

[untitled]

1 points·by reeeeaway·2 ay önce·0 comments

comments

reeeeaway
·2 yıl önce·discuss
Alternatively, give frida a go. It handles all the hard parts for you magically and then you get to instrument the binary with Javascript :) mixing dynamic and static techniques is really powerful
reeeeaway
·2 yıl önce·discuss
On newer versions of android it can be hard to install a root cert and trust it; mitmproxy and httptoolkit both have some great guides though. On iOS its easier - but yeah unfortunately/fortunately certificate pinned applications wont work

Depending on how much time you are willing to put in you could create a list of apps that dont PIN and selectively MiTM apps that dont
reeeeaway
·2 yıl önce·discuss
Certificate pinning perhaps?
reeeeaway
·2 yıl önce·discuss
The method doAppendEscapeLiteral (Line 66) is a good example; https://github.com/pgjdbc/pgjdbc/blob/master/pgjdbc/src/main...

I didn’t take notes all the way down, but at the end of the day this method is invoked when a prepared statements’ parameters are being bound
reeeeaway
·2 yıl önce·discuss
Looking at the postgres JDBC source, it sanitizes parameters when prepared statements and parameterization is used. Different implementations may do different things here though