This is an awesome method. But it's not where I need it - if you have the site in your browser, you can already do most interesting things with DOM scraping or MITM (as mentioned in the article).<p>Now, if we had a tool to extract the DOM from a mobile device and/or from apps that use pinning, that would be MUCH more interesting.<p>PS yes, I know frida, but last time I looked it's basically a platform that you'd need to build all the machinery on top of.
This is great. I've never even used that function of the devtools. I have a site I want to scrape but it encrypts the hell out of everything with a bunch of horrible obfuscated Javascript that I didn't want to reverse engineer. This should hopefully make it easier to find the values I want.
Why not get the symmetric key from process memory and then decrypt the recorded or live traffic with it ? <a href="https://www.youtube.com/watch?v=Vj_FjO6TqXg" rel="nofollow">https://www.youtube.com/watch?v=Vj_FjO6TqXg</a>