[HN Gopher] Snapshotting memory to scrape encrypted network requ...
       ___________________________________________________________________
        
       Snapshotting memory to scrape encrypted network requests
        
       Author : jonluca
       Score  : 61 points
       Date   : 2021-12-22 14:11 UTC (8 hours ago)
        
 (HTM) web link (blog.jonlu.ca)
 (TXT) w3m dump (blog.jonlu.ca)
        
       | [deleted]
        
       | uniqueuid wrote:
       | This is an awesome method. But it's not where I need it - if you
       | have the site in your browser, you can already do most
       | interesting things with DOM scraping or MITM (as mentioned in the
       | article).
       | 
       | Now, if we had a tool to extract the DOM from a mobile device
       | and/or from apps that use pinning, that would be MUCH more
       | interesting.
       | 
       | PS yes, I know frida, but last time I looked it's basically a
       | platform that you'd need to build all the machinery on top of.
        
         | jonluca wrote:
         | If your device is jailbroken you can use SSL Kill Switch 2 +
         | Burp Suite to get past TLS pinning. It doesn't do much if the
         | actual payload is encrypted (then you'll need to use Frida, or
         | lldb-debugger or something else like that)
        
       | kingcharles wrote:
       | This is great. I've never even used that function of the
       | devtools. I have a site I want to scrape but it encrypts the hell
       | out of everything with a bunch of horrible obfuscated Javascript
       | that I didn't want to reverse engineer. This should hopefully
       | make it easier to find the values I want.
        
       ___________________________________________________________________
       (page generated 2021-12-22 23:01 UTC)