Mobile

Bounty of an Insecure WebView: XSS, but with Steroids

I regularly get asked about mobile bugs in bug bounty. I often say that many bugs regarding, for example, mobile storage that I reported during pentests are not severe enough to qualify for a bounty. There are, however, bug classes that are definitely worth looking...

iOS deeplink attacks

I used to perform pentests of iOS applications. One of the things I disliked about it was that most local bugs on the device were really hard to exploit. Enough to put them in a pentest report but probably not risky enough to meet the bar for any bounty. However, this...

iOS hacking videos

If you have ever hacked or tried hacking iOS applications, you know that there's little to no material out there. Most of the time you need to try on your own or browse to the place never visited by anyone - the second page of Google search results. However,...

Testing iOS apps without physical device

Anyone who has ever tested iOS applications knows that it's neither an easy nor a well-documented process. It's really hard to start and tools change all the time. Partly, the reason for that is that you needed a physical device with the iOS version vulnerable to...

Proxying Flutter apps through Burp

I remember that pentesting mobile Flutter applications has been painful on iOS. The first time we got the project we spent like a week just trying to figure out how to proxy the app through Burp. Eventually, we found a solution with invisible proxying but I see that...