Just released Part 1 of my series on 'Android SSL Pinning Bypass'! Dive into the essentials without the need for a rooted device. Stay tuned for more advanced techniques in the upcoming writeups!
https://t.co/TcrD3OYbuu
#bugbounty #android #mobilesecurity
@MalikTuyyab @MalikTuyyab They are the worst I have seen in recent years. I also received a used OnePlus product. They didn't accept returns. I've been using the product since I had no other choice. Since then, I haven't used their services. @flipkartsupport @Flipkart @OnePlus_IN
I was awarded $7,666 for a Critical XSS
Reflected XSS, but no particular sensitive data was exposed.
Here is how I was able to escalate to account takeover👇
#bugbountytips
📢 #bugbountytip
🛡️ If you can't see HTTP requests on Burp Suite while proxying a mobile device, the app might be built on Dart or Xamarin. Don't worry! Check out this handy trick to reveal all HTTP requests on Burp. Easy peasy bugs lying around. 😃
https://t.co/t6H65PCfAQ
Just pushed a pretty neat update for ShadowClone. In my testing, this change makes it about 25-40% faster than before! Check it out https://t.co/ojNAm0Ku2X
I just found an unbelievable number of unauthorized API endpoints using this 1 liner.
katana -u $url -hl -nos -jc -silent -aff -kf all,robotstxt,sitemapxml -c 150 -fs fqdn | subjs | python3 /opt/JSA/jsa.py | goverview probe -N -c 500 | sort -u -t';' -k2,14 | cut -d ';' -f1