STEAL THAT API KEY WITH A MAN IN THE MIDDLE ATTACK

Thu 04 April 2019 By Paulo Renato

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs, Mobile App Development

As I promised in my previous article, here is the follow-up article about performing a man in the middle (MitM) attack to steal an API key. To follow this article you will need to become the man sitting in the middle of the actual channel, using mitmproxy to help you with the task of stealing the API key. Now it should be clear why MitM stands for man in the middle!


HOW TO EXTRACT AN API KEY FROM A MOBILE APP BY STATIC BINARY ANALYSIS

Thu 14 March 2019 By Paulo Renato

Category: API Keys, Reverse Engineering



An API key is probably the most common method used by developers to identify what is making the request to an API server, but most developers are not aware of how trivial it is for a hacker or even a script kiddie to steal and reuse an API key in order to gain unauthorized access to their APIs.

In the previous article we saw why your mobile app needs an API key, and now we will see how to grab that API key from your mobile app by reverse engineering the binary in an effective and quick way with an open source tool. Once we see how easily it can be done, we will realize that it is even achievable by non-developers.

 


WHITELISTS AND INDIRECTION GO TOGETHER LIKE CHOCOLATE AND PEANUT BUTTER

Fri 28 July 2017 By Skip Hovsmith

Category: API Keys, Mobile App Authentication, Reverse Engineering, Third Party APIs


SIMPLE APP AUTHENTICATION

Mon 26 September 2016 By Johannes Schneiders

Category: API Keys, Mobile App Authentication, Scrapers, Bots, Reverse Engineering

Suppose your mobile app relies on a back-end server that holds sensitive data or just data that you do not want to be manipulated or copied freely. You trust your own app to do everything right, but what about bots exploiting your API, or someone stealing and subverting your app?


SECURING POKÉMON

Tue 26 July 2016 By David Stewart

Category: Mobile App Authentication, Reverse Engineering, Threats

A massive success, a staggered worldwide release, ravening hordes of eager adults (and children) with an obsessive urge to catch ’em all. I am of course talking about Pokémon GO from Niantic.
