Comment by NikkiA

Comment by NikkiA 10 months ago

1 reply

TBF strings might not trivially show up the password if you took the most basic of provisions (a non-ascii password, not stored right next to the username separated by a \0), but most programmers likely wouldn't even bother with that.

nijave 10 months ago

Even then you can MITM if you have elevated access to the platform and can tinker with the certificate store.

Games like Pokemon Go use a highly obfuscated algorithm to sign requests which makes it much harder to actually use the key if you can retrieve it