Snapshotting memory to scrape encrypted network requests (jonlu.ca)
78 points by jonluca on Dec 22, 2021 | hide | past | favorite | 8 comments
This is an awesome method. But it's not where I need it - if you have the site in your browser, you can already do most interesting things with DOM scraping or MITM (as mentioned in the article).

Now, if we had a tool to extract the DOM from a mobile device and/or from apps that use pinning, that would be MUCH more interesting.

PS yes, I know Frida, but last time I looked it's basically a platform that you'd need to build all the machinery on top of.


If your device is jailbroken you can use SSL Kill Switch 2 + Burp Suite to get past TLS pinning. It doesn't do much if the actual payload is encrypted (then you'll need to use Frida, or lldb-debugger or something else like that)


Last I tried, none of the tools work well out of the box for the interesting cases (e.g., TikTok TLS MITM on mobile).

Publishers using custom HTTP/2 and HTTP/3 libs, NDK obfuscators, etc. all break the "auto patch" sslstrip stuff.


This is great. I've never even used that function of the devtools. I have a site I want to scrape but it encrypts the hell out of everything with a bunch of horrible obfuscated Javascript that I didn't want to reverse engineer. This should hopefully make it easier to find the values I want.


Why not get the symmetric key from process memory and then decrypt the recorded or live traffic with it? https://www.youtube.com/watch?v=Vj_FjO6TqXg


That's the TLS key. It's trivial to read the "plain text" contents of the HTTP request - this is for when the contents are actually encrypted at Layer 7, the application layer, not the transport layer.

I did write up how to do it for Blind, though, here https://blog.jonlu.ca/posts/decrypting-blind


Is that even open source anywhere? Seems a PoC was never released.


> The rise of SPAs has made this approach a bit less impractical

I think you meant "less practical", or "more impractical"
