thibault poncetta

veeral-patel, it's normal the /alert POST isn't working There is a CSP policy that isn't allowing to make request to url beginning with http:// the csp policy is : "content_security_policy":...

Well that's not a problem, you can change manifest.json to support http : "content_security_policy": "script-src 'self'; object-src 'self'; connect-src **http://*** https://*",

Hello, thank for your response. Indeed, i tried to start the server on the shared lib then connect when i jumped to shared code on gdb. But no decompilation unfortunately....

Hi again @mahaloz . Seem there is still problems. Here are some details : ``` vmmap-> 0x7ffff7800000 0x7ffff7972000 r-xp 172000 0 /opt/quest/lib64/libvtwrap.so.2.0.0 _parse_special_tag function -> 0x00007ffff78d96f0 ``` d2d server start...

 Adress are correct but it point to the wrong area, weird

Pretty sure about last base adress/start addr. I'm not sure i have latest pwndbg, will see tomorrow. 3 : Indeed the decompiled output is completely incorrect, it point to code...

Really weird, so decompiled adress is okay, it correspond to the adress of the function i want. (_parse_special_tag) When i try disassemble 0x7ffff78d96f0,+5 or disassemble _parse_special_tag,+5 it point to the...

Hello Back. Seem the adress is correct but decompilation don't work. Also i removed base-addr-start/end and i have the same adress given by client (weird?).

Hello. Can't send neither librairie neither binary as the software is my companie private data. I will try to debug from my side but unfortunately i cant give you my...

I'm going to try to trigger the bug via other non private sample, and send you if I can retrigger it.