Lauritz

Results 8 comments of Lauritz

The fix should be thoroughly tested before merge. Further, CSTC includes more XML operations that need review, too.

I just stumbled over this use case, too. This would indeed be a great feature! :) Edit: I can confirm that the following approach would work. By manually adjusting https://github.com/sensepost/objection/blob/248d56096001a030082270f816773a3aebc1f9a3/objection/utils/agent.py#L166...

Hi @CDuPlooy, thank you very much for your effort! Unfortunately I do not have a test device at hand at the moment, either. 😢 Maybe someone else here in this...

Hi there! Looks like the fix referenced in this issue should be included in the latest release v1.3.0: https://github.com/usdAG/cstc/commits/v1.3.0 If this is the case, feel free to close this issue....

Hi @Teicu, thank you very much for reaching out! :) At the moment, the tool can be quite noisy and its outputs need thorough manual analysis. Therefore, for my use-case,...

Hey @aaronpk! Thank you very much for having a look into this. Yes, I would suggest adding something to the security considerations regarding the handling of received `access_token`. SPs...

I agree on that. Discarding malformed tokens that include invalid characters sounds like a reasonable recommendation to me and is indeed less complex implementation-wise :+1:

Hey @robsontenorio, Thanks for having a look into this! :) Not sure if I understood your question correctly. On a high level, this is what we do: The API is used...