tl;dr In this blog post, I will share insights I gained while researching the Flutter framework and the reFlutter tool. The post dives deep into Flutter’s architecture, some of its inner workings and dependencies, and finally drills down into the SSL verification logic. It ends by exploring what the reFlutter tool actually does and my attempts at replicating the same behaviour with Frida.
Note: If you are in a pinch on a mobile assessment where the application uses Flutter, the reFlutter tool is a great option. This blog post does not suggest that you need to use Frida logic. It is simply an exercise in seeing whether a Frida equivalent may exist.
09 June 2015
By Paul
Transport layer security has had a rough ride recently, with a number of vulnerabilities being reported. At a time when trust is required between you and the site you are interacting with, it’s key that website owners configure their sites to be as secure as possible.
With that in mind, I decided to analyse HTTP security headers from the top 10k Alexa websites, and look at what SSL ciphers were being used on those websites.