Pentesting gRPC-Web : Recon and reverse-engineering

gRPC-Web has reached General Availability! The official blog announcement can be found here: https://grpc.io/blog/grpc-web-ga

gRPC makes leveraging Protocol Buffers extremely easy, and ProtoBufs in and of itself has some very good advantages over REST when it comes to performance and contract-based development. However, so far ProtoBufs are typically used in the backend to facilitate inter-microservice … Continue reading Pentesting gRPC-Web : Recon and reverse-engineering

Android hacking tools update for Sept 2018

This article outlines a few "lessons learned" during an Android pen-test, specifically on which parts of my toolset I needed to update to accommodate newer Android versions (Android v7+). MultiDex support: One of the standard pen-test techniques is to decompile the App's source code. Typically this is done by converting the APK DEX code to … Continue reading Android hacking tools update for Sept 2018

Scraping real estate prices using python and visualization using maps

TL;DR: An interactive map, accurate as of 13/08/2018, showing property prices per square meter in various areas of Tallinn: https://dvas0004.github.io/TallinnRealEstate/ Data shown is for 3-bedroom apartments (resource limitations). Green is less expensive, red is more expensive. Clicking on a data point will show a popup containing the actual price per square meter for that data … Continue reading Scraping real estate prices using python and visualization using maps

Lessons learnt: Of Spring Boot + OAuth2 + redirect URIs

TL;DR: make sure NGINX is set up correctly (proxy_set_header) before messing around with your code. Scenario: Deploying a Spring Boot micro-service behind an NGINX reverse proxy gave us issues when using default Google OAuth2 configuration as described here, basically showing the "Redirect URI Mismatch" mentioned at the very end of the linked article. Trying the solution based … Continue reading Lessons learnt: Of Spring Boot + OAuth2 + redirect URIs

Reactive Spring: Combining Server-Side Events with Redis PubSub for real-time push events

A simple example of using Redis PubSub and Spring Reactive Server Side Events for real-time push events to the browser. Spring Boot v2.0.3.RELEASE; coding using reactive functional style (as opposed to annotation-based); Spring Initializr Dependencies: “Reactive Web”; Redis Driver Used: Jedis; Language: Kotlin. Scenario and design choices: The scenario described in this article is depicted below: … Continue reading Reactive Spring: Combining Server-Side Events with Redis PubSub for real-time push events

Reactive Spring: Webflux Multipart File Upload

A clear, simple example of multipart file upload using Reactive Spring. Spring Boot v2.0.3.RELEASE; coding using reactive functional style (as opposed to annotation-based); Spring Initializr Dependencies: "Reactive Web"; Language: Kotlin. Notes follow after the code: https://gist.github.com/dvas0004/fdb63086cd77869066e83a1ca25757d9 Notes: Spring Webflux makes it extremely easy to build reactive web services - but it takes a while to … Continue reading Reactive Spring: Webflux Multipart File Upload

Drill Down into Spring Boot Actuator metrics

We've only seen this very useful feature documented in the official Spring Actuator API Documentation, so maybe not many are aware that you actually have some control over what the Spring Actuator metrics return to your requesting client. The Spring Actuator API allows you to expose several useful metrics that you can use to monitor … Continue reading Drill Down into Spring Boot Actuator metrics