This is an awesome method. But it's not where I need it - if you have the site in your browser, you can already do most interesting things with DOM scraping or MITM (as mentioned in the article).
Now, if we had a tool to extract the DOM from a mobile device and/or from apps that use pinning, that would be MUCH more interesting.
PS yes, I know Frida, but last time I looked it's basically a platform that you'd need to build all the machinery on top of.
If your device is jailbroken, you can use SSL Kill Switch 2 + Burp Suite to get past TLS pinning. It doesn't do much if the actual payload is encrypted (then you'll need to use Frida, or lldb-debugger or something else like that).
This is great. I've never even used that function of the devtools. I have a site I want to scrape but it encrypts the hell out of everything with a bunch of horrible obfuscated JavaScript that I didn't want to reverse engineer. This should hopefully make it easier to find the values I want.
That's the TLS key. It's trivial to read the "plain text" contents of the HTTP request - this is for when the contents are actually encrypted at Layer 7, the application layer, not the transport layer.