I’ve been very busy these past few months, leaving little time to hack. I’m very glad to be back at it. I decided to write my first Burp extension—since it seems to be working quite nicely for me, I thought I’d share it! The extension, BurpParamFlagger, adds a passive scan Read more…
Whether you’re a pentester looking to gain some experience in mobile hacking or a developer aiming to build secure apps, familiarizing yourself with some of the common security mistakes developers make will serve you well. I’ve listed and summarized here the five most common types of mobile app security flaws Read more…
I’ve been working on a few small projects while learning Go, and this one turned out to be useful enough that I thought I’d go ahead and publish it. For the first time, this post is not about iOS! DNSObserver is a handy DNS service written in Go to aid Read more…
In this post, I’m going to reveal the fastest, easiest P1 that I’ve ever reported – multiple times! It’s the sort of oversight that seems so simple to avoid, but surprisingly, it was pervasive across apps both with and without bug bounty programs. After realizing how widespread this security lapse Read more…
This post is an overview of a mobile app MitM vulnerability I’ve found several times in the real world. I’ll explain how an attacker can exploit a vulnerable app’s broken SSL implementation and intercept cleartext HTTPS traffic – without the victim having installed any CA Certificates or accepting any additional Read more…
Esta entrada se trata de una vulnerabilidad sencilla, pero peligrosa, que he visto en varias ocasiones. Creo que esta falla debería ser mas conocida – especialmente por los ingenieros informáticos (y hackers blancos!). Ellos deberían asegurar que han construido sus Web Views firmementes. (Read in English) (Aviso: Gracias a @MaxiSoler Read more…
This post is the 4th and final part a series giving an overview of the most useful iOS app pentesting tools. We will start with an introduction to binary analysis with ‘Hopper’, then we will move into debugging app store apps using ‘lldb’. I want to note that I won’t Read more…
This post is part 3 of a series giving an overview of the most useful iOS app pentesting tools. ‘Frida’ is a dynamic instrumentation tool that is primarily useful for runtime manipulation and dynamic analysis. ‘Objection’, created by Sensepost, is another useful tool built on top of Frida that makes Read more…
This post is part 2 of a series giving an overview of the most useful iOS app pentesting tools. ‘Cycript’ is a runtime manipulation tool that is primarily useful for dynamic analysis and exploring the flow of the app you’re testing. The series will be assuming that the user is Read more…
This post is about a simple, yet potentially dangerous security flaw that I’ve seen several times in iOS apps. I feel this misconfiguration should have more awareness around it – specifically, developers (and bug bounty hunters) should ensure that they are handling their web view security correctly! (Leer en español) Read more…