Android hacking tools update for Sept 2018

This article outlines a few "lessons learned" during an Android pen-test, specifically on which parts of my toolset I needed to update to accommodate newer Android versions (Android v7+). MultiDex support: One of the standard pen-test techniques is to decompile the App's source code. Typically this is done by converting the APK DEX code to …

Scraping real estate prices using python and visualization using maps

TL;DR: An interactive map, accurate as of 13/08/2018, showing property prices per square meter in various areas of Tallinn: https://dvas0004.github.io/TallinnRealEstate/ Data shown is for 3-bedroom apartments (resource limitations). Green is less expensive, red is more expensive. Clicking on a data point will show a popup containing the actual price per square meter for that data …

Lessons learnt: Of Spring Boot + OAuth2 + redirect URIs

TL;DR: make sure NGINX is set up correctly (proxy_set_header) before messing around with your code. Scenario: Deploying a Spring Boot micro-service behind an NGINX reverse proxy gave us issues when using the default Google OAuth2 configuration as described here, basically showing the "Redirect URI Mismatch" mentioned at the very end of the linked article. Trying the solution based …

Reactive Spring: Combining Server-Side Events with Redis PubSub for real-time push events

A simple example of using Redis PubSub and Spring Reactive Server Side Events for real-time push events to the browser. Spring Boot v2.0.3.RELEASE; coding using reactive functional style (as opposed to annotation-based); Spring Initializr dependencies: "Reactive Web"; Redis driver used: Jedis; language: Kotlin. Scenario and design choices: The scenario described in this article is depicted below: …

Reactive Spring: Webflux Multipart File Upload

A clear, simple example of multipart file upload using Reactive Spring. Spring Boot v2.0.3.RELEASE; coding using reactive functional style (as opposed to annotation-based); Spring Initializr dependencies: "Reactive Web"; language: Kotlin. Notes follow after the code: https://gist.github.com/dvas0004/fdb63086cd77869066e83a1ca25757d9 Notes: Spring Webflux makes it extremely easy to build reactive web services - but it takes a while to …

Drill Down into Spring Boot Actuator metrics

We've only seen this very useful feature documented in the official Spring Actuator API Documentation, so maybe not many are aware that you actually have some control over what the Spring Actuator metrics return to your requesting client. The Spring Actuator API allows you to expose several useful metrics that you can use to monitor …

Google Yolo and Spring Boot 2.0 Authentication

Back in 2016, Google announced the "Open Yolo" project: You Only Login Once. It originally seemed to be an Android library but during Google's last Dev Summit in October 2017, Google released "One-tap Sign-ups On Websites and API Integrations" which brings Google Yolo to your website via JavaScript goodness. There's a very easy guide that …