Finding Bugs in Mobile APIs

  • Published on 29 Jun 2024
  • Hey everyone! Welcome to another API video, well, I promised more, didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs that don't require complex technical skills, but instead perseverance!
    Did you know this episode was sponsored by Intigriti? Sign up with my link: go.intigriti.com/katie. I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
    - Resources -
    A lot of people have told me that they struggle to find APIs to test, so I hope that this will help get you started! If you've only just joined us, here are the videos I recommend!
    Top 10 API bugs: • Top 10 API Bugs (and W...
    Enumerating APIs: • How To Do Recon: API E...
    Finding Your First Bug: APIs: • Finding Your First Bug...
    TomNomNom: • Who, What, Where, When...
    FFUF: • How to use ffuf - Hack...
    - Social Media -
    Discord: / discord
    Patreon: / insiderphd
    Twitter: / insiderphd
    - Patreon Shoutouts -
    MechaInfoSec
    Wardell Castles
    rl1k
    strongbeard
    Lukáš Hájek
    Gynvael
    Ram
    James Clee
  • Entertainment

Comments • 36

  • @luckythandel 3 years ago +4

    You are doing such a good deed. Many of us are learning a lot from these videos. Thank you for doing it free.

  • @davicosta4931 3 years ago +4

    Hey Katie, thanks for all your videos, in the last weekend, I found my first bug! A business logic error, thanks to your videos. Unfortunately, was a duplicate, but I'm very happy for this! Thanks again, love from Brazil!

    • @InsiderPhD 3 years ago +4

      Nice work! a dupe is a bug, you just weren't quick enough this time! You CAN find bugs though, keep going and you'll get faster!

  • @nixsonblackstone7900 3 years ago

    Thanks a lot Katie and God bless 👍

  • @omarelfarsaoui5498 3 years ago

    great work !

  • @jeffm623 3 years ago

    Thank you :)
    For reference, something I still struggle with.. IDOR - Insecure direct object references

  • @learningwithtom4104 2 years ago

    Hi Katie,
    You can directly edit from YouTube video editor only & TRIM the final part. It's pretty easy & for a person like you, it should be damn easy.
    Look at some video if you need any clarification.
    Thanks for this video. Keep up the good work.

  • @hydraking8768 3 years ago

    Katie Nice Work 👍

  • @user-or9lh2bi6x 3 years ago

    Hi, top video! Just wanted to ask a question, both Genymotion and Android Studio, emulator does not support a lot of mobile apps because they have a different system architecture, do you guys have any suggestions? I mean cloud or something else?

  • @abhhibirdawade9657 3 years ago +2

    Katie, you're amazing!!!!!!!!!!!!!

    • @InsiderPhD 3 years ago +1

      Aww thank you so much it means a lot to me!

  • @samudrasarma6555 3 years ago +3

    Waiting for this video.

    • @InsiderPhD 3 years ago +2

      I hope it was worth the wait!

  • @user-wd3ng2pt3z 3 years ago

    thanks for these videos you are great ^_^ , Can you make video about any tools or programs (VPNs) that secure myself after penetration web site hacking ? thanks again .

  • @avilashnandy9886 3 years ago +1

    Hi Katie... I would like to thank you so so very much for introducing me to the iOS bug bounty setup... I somehow managed to setup my "hacking environment" even though I don't have a mac...and had to browse through a lot of articles for understanding the linux way of setting things up (it took me like 3-4 days to set it up).. I was just curious..could you show some iOS specific bugs that a beginner can look for, I read the "read ahead" articles given in the description of that video..but was not able to understand it properly..and was wondering if you could help me out with it (by making a video or just by referring to any other resources that I could go through)..thanks in advance. much love from India

    • @InsiderPhD 3 years ago +2

      FRIDA and webview bugs are great places to start. There’s a video I recommend by Dawn Isabel on Bugcrowd’s channel talking about iOS bug hunting; Spaceraccoon also has an article on iOS bugs. But don’t worry, we’ll be covering all of that in a later video :)

    • @avilashnandy9886 3 years ago

      @InsiderPhD thank you so much 😃

  • @babay-mp4bq 3 years ago

    is it illegal using free genymotion for bug hunting ?

  • @ahmadgiftred2048 3 years ago

    Nice!

  • @AjayKumar-xl4jc 3 years ago

    Wah super

  • @dasuntheekshana7599 3 years ago

    Great ❤

  • @AjayKumar-xl4jc 3 years ago

    Thanks😃girl for this video

  • @Stas1983ful 3 years ago

    Where is graphql link?

  • @elsakaydb6271 3 years ago

    Great

  • @ayushxowealth 3 years ago

    Nice

  • @rajatdutta8365 2 years ago

    gr8 video

  • @amyqb117 3 years ago

    Omg greaaaat

  • @ca7986 3 years ago

    ❤️

  • @mr.kn0w1t4ll2 3 years ago

    Yay Mobile !!

  • @realstar5979 3 years ago

    Good

  • @ganeshkhairkar30 3 years ago +1

    𝗹𝗼𝘃𝗲❤ 𝗙𝗿𝗼𝗺 🇮🇳𝗜𝗻𝗱𝗶𝗮

  • @321aayushsoni 3 years ago +1

    Hey Katie, Nice video but last 8 minutes or so are black screen, you must edit that out. after 31:20

    • @InsiderPhD 3 years ago +1

      Thanks! I’m not a video editor so mistakes happen!

  • @tangducbao7309 3 years ago +1

    Hello from a fan, I have a few questions
    - Do you need a rooted phone to perform a bug bounty?
    - Do bounty platforms accept results from an emulation device like Genymotion?
    - How do you extract .apk from your real phone? With and without root.

    • @InsiderPhD 3 years ago +1

      - Yes, usually, because of something called certificate pinning
      - Yup
      - You can go on APK downloading sites

    • @tangducbao7309 3 years ago

      @InsiderPhD thank you 👍