onsdag den 10. december 2014

Debugging path location in Java aka FileNotFoundExceptions

Occasionally I need to write some code which locates stuff on disk using relative paths. And sometime I get the paths wrong :/

It often turns out that the current directory of the application is slightly different than I expect. However, it is not straightforward at first how one determines the current directory of the application.

I have found the following code snippet useful to solve the problem.


1
2
3
4
5
6
import java.nio.file.Path;
import java.nio.file.Paths

Path currentRelativePath = Paths.get("");
String s = currentRelativePath.toAbsolutePath().toString();
System.out.println("Current relative path is: " + s);

It uses NIO so it requires Java 7+.

I got the snippet from this SO.

tirsdag den 4. november 2014

Inspecting HTTPS traffic on iOS simulator running iOS 8 with Burp or Charles

I had some problems installing the Burp or Charles CA certificate in the iOS simulator running iOS 8. I tried following various tutorials I found, but to no success. In particular I tried to combine a tutorial which said to extract the CA certificate using Firefox and install it to the TrustStore.sqlite3 keystore in the simulator directory. My failure to get that particular line of attack working lead me to a more successful path involving the iosCertTrustManager tool.

The solution is to download the iosCertTrustManager tool, export the CA certificate from Burp or Charles and then install the tool.

  1. Download the iosTrustCertManager Python script from:
    https://github.com/ADVTOOLS/ADVTrustStore

  2. Get the CA certificate

    • For Burp

      • Go to Proxy -> Options -> CA certificate

      • Export the certificate in DER format, and store it in some location
        Burp export CA cert

      • Convert the certificate to pem format using OpenSSL:
        openssl x509 -inform der -in ~/tmp/burpca.der -out ~/tmp/burpca.pem



    • For Charles




  3. Run iosCertTrustManager:
    python iosCertTrustManager.py -a ~/tmp/burpca.pem


Happy hacking!

fredag den 14. marts 2014

URL-Encoding

I recently ran into the problem of doing proper URL-Encoding between an IOS app and a Java server. I have found this explanation very useful.