Perhaps the only contender to Burp in respect to functionality/features is ZAP[2].

EDIT: You can run your own collaborator type setup with Project discovery's interactsh[3].

Further EDIT: A downvote might be because of the mention of Rust / closed source - this is explicitly mentioned because a large pain point for Burp is it's a Java memory hog. If Caido was written in C++ with Qt, this fact would be notable for the exact same reason.

[1] https://caido.io/

[2] https://www.zaproxy.org/

[3] https://github.com/projectdiscovery/interactsh

Automating authorisation checks has less to do with novelty seeking and more to do with the practicalities of ensuring adequate coverage within the assigned engagement time frame.

"There is a part of the talk where I am trying to perform a little bit.. the thing that I'm also talking about. My background is in art .. and we always try to think about form and content being kind of the same thing.."

Thoroughly entertaining, well executed.

There is a photo of Mark Zuckerberg with a cut off 3.5mm jack plugged into his laptop - likely to achieve a similar outcome.

Frequently rebooting the device can’t hurt but it likely isn’t going to prevent a threat actor from achieving their objectives.

The best mitigation we have is to enable lockdown mode.

https://github.com/lotabout/Let-s-build-a-compiler

This is a notable differentiation - Writing assembly is a different skill to reading it from a disassembly. Reverse engineering, malware analysis etc. does not inherently require you to be able to write asm, although it certainly would help.

How? By searching it in https://wigle.net.

That ended the debate quite swiftly.

if [ $? -ne 0 ]; then

Will get flagged and an improvement will be suggested with an explanation on why [2]

[1] https://marketplace.visualstudio.com/items?itemName=timonwon...

[2] https://www.shellcheck.net/wiki/SC2181

[1] https://www.goodreads.com/en/book/show/25744928

[2] https://www.youtube.com/@CalNewportMedia

He also has other interesting courses which touch upon “retro” programming in a very accessible manner. [2]

[1] https://pikuma.com/courses/nes-game-programming-tutorial

[2] https://pikuma.com/courses

Comments URL: https://news.ycombinator.com/item?id=36601100

Points: 3

# Comments: 0

https://twitter.com/haxrob/status/1673874637632196608

For clarification - you purchase the hardware then you are required to download the phone application. You find this app by scanning the QR code printed on the physical device's box. This app is free. It does not link to a premium version.

If this is the take away, then I need to think about how I have phrased things. The GPS co-ordinates are sent two separate companies:

1) The Bluetooth device developer (bm2.quicklynks.com)

2) AMap (dualstack-cgicol.amap.com)

Looking at the decomplication and HTTP REST messages, it is very clear the app developer is deliberately sending GPS to their servers. They send a JSON object with the battery voltages, bluetooth device address and lat/lng in the same request.

The cell data, wifi beacon data - this is exclusively collected by AMap services and is not apparent without investing significant time reverse engineering their SDK.

https://developer.android.com/guide/topics/connectivity/blue...