One of the first things that you learn when learning security is that everything that’s on the client-side is untrusted. Even if it’s encrypted. This blog post shows really well how client-side encryption in the mobile app was used to obfuscate a functionality...
Mobile
How to exploit Android deeplinks
Mobile hacking has been and still is perceived as a niche within bug bounty. If that’s something you’d like to go into, make sure to pay attention to how deeplinks can be exploited and also what to look for when you check WebView-related functionality. To learn about...
Mobile hacking resources and interview with Joel Margolis
If you are into mobile hacking, you should definitely check out Jason Haddix’s issues of Executive Offense newsletter number 7 and number 9. He shares a lot of mobile testing tools and in the 9th issue, there’s even an interview with Joel Margolis....
Execution of Arbitrary JavaScript in Android Application
Android hacking has been mentioned quite a lot recently on BBRE Premium Discord. I don’t know if it’s a coincidence or a trend but definitely a nice niche. Here’s another great blog post about the setup and exploitation of an XSS....
Bounty of an Insecure WebView: XSS, but with Steroids
I get regularly asked about mobile bugs in bug bounty. I often say that many bugs regarding, for example, mobile storage that I reported during pentests, are not severe enough to qualify for a bounty. There are, however, bug classes that are definitely worth looking...
iOS deeplink attacks
I used to perform pentests of iOS applications. One of the things I disliked about it was that most local bugs on the device were really hard to exploit. Enough to put them in a pentest report but probably not risky enough to meet the bar for any bounty. However, this...
iOS hacking videos
If you have ever hacked or tried hacking iOS applications, you know that there are few to no materials out there. Most of the time you need to try on your own or browse to the place never visited by anyone - the second page of Google search results😳😬. However,...
Testing iOS apps without physical device
Anyone who ever tested iOS applications knows that it's neither an easy nor well-documented process. It's really hard to start and tools change all the time. Partly, the reason for that is that you needed a physical device with the iOS version vulnerable to...
Proxying Flutter apps through Burp
I remember that pentesting mobile Flutter applications has been painful on iOS. The first time we got the project we spent like a week just trying to figure out how to proxy the app through Burp. Eventually, we found a solution with invisible proxying but I see that...