Anirudh Kaushal
CTO @ Vendisys | Automation Expert | Cyber Security Researcher
I am frequently asked how one can bypass SSL Pinning while Android Penetration Testing. SSL Pinning is actually a technique that is used in Applications to avoid man-in-the-middle attacks by validating the server certificates again even after SSL handshaking. SSL Pinning in Android Applications does not allow Penetration Testers to intercept the to-and-fro communication from the backend in the BurpSuite Tool. There are quite a few techniques to bypass SSL Pinning, but one of the most widely used is the Frida Server. Setting up the Frida Server is quite challenging and requires a lot of steps. I have created a Python script that automates the complete hefty process of installing and configuring Frida Server and the Android Emulator. Feel free to use the tool and share your insights. The GitHub repo with configuration steps can be found at https://lnkd.in/ejncbzs

If you want something to be added or have some other project-related problems, please raise an issue on GitHub or DM me on LinkedIn.

#AndroidPenetration #infosec #cybersecurity
Partho Kobiraj Mandal
Assistant manager at Cyber Defence KPMG India | OSCP | LCEH
3y
Nice one bud
balu k
Yes, I'm an Attacker
3y
So many apps have anti-tampering detection... it's impossible to SSL unpin them with automation. Use a rooted device with Xposed for those apps: https://balook.github.io
Adarsh Shetty
Application Security Engineer @ Zynga
3y
Looks interesting. Will try this out and let you know!!
Amit prajapat
Lead security consultant-Mobile at Payatu
3y
Automated the manual process 🤟
Shyam Pareek
Solution Advisor at Deloitte USI
3y
I'm surely gonna try this one soon! Thanks for sharing :)
More Relevant Posts
Anirudh Kaushal
I’m happy to share that I’m starting a new position as Chief Technology Officer at Vendisys!
Anirudh Kaushal
I’m happy to share that I’m starting a new position as Associate Solution Advisor at Deloitte India (Offices of the US)!
Anirudh Kaushal
Found a Sensitive Information Disclosure Vulnerability in a WordPress based Website. Upon Recon, I came across some endpoints that were disclosing information of registered users, internal user keys, API keys, OAuth Tokens etc. The endpoint being referred to here is:
- https:// WP-website. com/wp-json/
and some sub-directories like:
- https:// WP-website. com/wp-json/wp/v2/
- https:// WP-website. com/wp-json/wp/v2/users

The /wp-json/ endpoint in a WordPress website allows us to access the REST API for the site. This is more of a misconfiguration at the organization's side, as they have not restricted access to certain endpoints. These endpoints can be found at almost all WordPress based Websites, and if not access-restricted properly, will disclose sensitive information.

Upon researching more about the vulnerability, I was able to find several Google Dorks and a Disclosed Hackerone Report related to the same. Do have a look at them and feel free to ping me to discuss more about them.

References:
- To know more about the wp-json endpoint: https://lnkd.in/gkqD5Bi
- Google Dork: https://lnkd.in/gyN8SFD
- Google Dork: https://lnkd.in/gXZbfjF
- Hackerone Report: https://lnkd.in/gya_4RA

#cybersecurity #infosec #bugcrowd
Anirudh Kaushal
Found an Information Disclosure vulnerability in a REST API using CQL Injection. CQL stands for Confluence Query Language and is used for advanced search in Atlassian's Confluence REST API.

During reconnaissance, I came across an endpoint that was returning an error, "No CQL Parameter Found". Out of curiosity, I added a GET parameter named CQL with a random value "c" and got the response, "No field exists with the name: 'c' Did you mean one of content, creator, created, container, contributor". This piqued my interest, as the API responsively returned the possible parameter values. Automating the process a bit, I was able to enumerate all the possible values, including Ancestor, ID, Labels, etc. On sending the value as "ID", I got another error saying, "Expecting operator for field 'id', supported operators are: =, !=, IN, NOT IN". This implies that ID is actually a parameter and needs a value. The value of ID can be bruteforced, but it would not be very efficient. In programming languages, there is an operator "!=" (NOT EQUALS TO) that returns true if the operands don't have the same value. Using this to my advantage, I sent the value "-1" and voila, I had a huge amount of sensitive data to look through.

Payload: http://test .com/path/?cql=id!=-1

#infosec #vulnerability
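The two disclosure patterns described in the wp-json post and the CQL post above both leave a distinctive trace in ordinary web-server access logs. As an added example (not code from any of these posts), the scan below flags hits on the WordPress /wp/v2/users routes and negated CQL field comparisons such as id != -1, run over constructed combined-format log lines; the IPs, paths and timestamps are assumed sample values.

```python
"""Flag the two REST API disclosure patterns from the posts above in web access logs."""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache/nginx "combined" format (not from a real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 4213 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-json/wp/v2/users/1 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 9800 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:57:10 +0000] "GET /rest/api/search?cql=id%21%3D-1 HTTP/1.1" 200 88120 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:57:11 +0000] "GET /rest/api/search?cql=c HTTP/1.1" 400 210 "-" "python-requests/2.31"
192.0.2.7 - - [10/Oct/2023:13:58:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code from one combined-format entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A negated field comparison in CQL (e.g. id != -1) matches nearly every record.
CQL_NEGATION_RE = re.compile(r"\b\w+\s*!=\s*-?\w+")


def classify(line):
    """Return (pattern, client_ip, status) for a suspicious entry, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path)
    # WordPress REST user listing: /wp-json/wp/v2/users and /wp-json/wp/v2/users/<id>
    if path.startswith("/wp-json/wp/v2/users"):
        return ("wp-user-enum", m.group("ip"), m.group("status"))
    # parse_qs URL-decodes the value, so %21%3D becomes "!=" before matching.
    for value in parse_qs(parts.query).get("cql", []):
        if CQL_NEGATION_RE.search(value):
            return ("cql-negation", m.group("ip"), m.group("status"))
    return None


def scan(log_text):
    """Scan a whole log; return the findings and a per-(pattern, ip) hit count."""
    findings = [f for f in map(classify, log_text.splitlines()) if f]
    return findings, Counter((kind, ip) for kind, ip, _ in findings)


if __name__ == "__main__":
    hits, counts = scan(SAMPLE_LOG)
    for kind, ip, status in hits:
        print(f"{kind:14} {ip:15} HTTP {status}")
    print(dict(counts))
```

A 200 on /wp/v2/users from an unauthenticated client is the signal that the REST endpoint is still unrestricted; a 401 there after the fix is the expected outcome.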
Anirudh Kaushal
Found a Broken Authentication and Session Management vulnerability on a website. The website was using several third party tools to track the users, for customer support, and other purposes. Some of the third party tools had their cookies scoped to the parent domain. The main/parent website logs the user out after some time of inactivity. Somehow, the session in the third party tools was not getting ended after the main website logged the user out. Using the cookie from the third party tools got me logged in to the main website, bypassing the authentication. I was only able to exploit it when the person had logged into that system before, and made my vulnerability report showing the impact for a shared computer. Later, I was told that the internal team did find some parameters that would lead to a remote attack as well.

Initially, I thought that this was probably due to improper implementation of the third party software, but came to know that it was an issue of the third party software itself.

#Bugcrowd #InfoSec #CyberSecurity #Vulnerability
Anirudh Kaushal
Recently, one of the security vulnerabilities I reported to Google got accepted and was eligible for a reward under their VRP program, and also registered a spot in Google's Bughunter Hall of Fame, at https://lnkd.in/eDUTHZD

I was able to bypass an Authentication mechanism implemented in the Gmail Application. If exploited, it could have led to several critical attacks, even leading to Complete Account Takeovers. I really recommend security researchers to be a part of Google VRP and try to find security vulnerabilities in their massive scope of domains and acquisitions.

I would also like to thank my mentors Mudit Budhiraja Sir, Vikash Chaudhary Sir and Partho Mandal Sir for their constant support and guidance.

#Google #VRP #GoogleHoF #Infosec #BugBounty #CyberSecurity #HallOfFame #InformationSecurity #BugHunting
Anirudh Kaushal
Found a vulnerability that was causing an Application Level DoS Attack. My friend Harsh Aksh*t and I were testing a social media platform's android application and were sharing the relevant findings in the chat section of the same application. For reference, Harsh shared a link with me explaining the working of a functionality. As soon as I clicked on the link, the app crashed. Even on restarting the app, as soon as I clicked on the Messages option, the app crashed again. I had to then delete the message from the web application.

We were able to reproduce the vulnerability again and figured out that the link shortener had some issues while shortening special characters like ¿ (%bf), ½ (%bd), ï (%ef), and replaced them with a "very" long string of gibberish before shortening. For example:
- The Original URL: https:// example. com/¿
- Shortened URL: https://sh. ort/smthing
- Re-Lengthened URL: https:// example. com/G1bb3r1$gI66er!S#...<continues for over a thousand characters>

So ultimately, when the receiving user tries to access the link, the web view of the application crashed, leading to crashing the complete app. This vulnerability can also be referred to as "Improper implementation of WebView", but we actually figured it out after submitting the report.

#Hackerone #Infosec
Anirudh Kaushal
Found a vulnerability that allowed me to tamper with the error reports being generated by the website. All these generated reports were being logged at a subdomain of that organization. What caught my eye was that I was able to edit all the parameters of the report, to any length of string, with no character limitations. Also, there was a No Rate Limiting vulnerability at the same endpoint. By chaining both the vulnerabilities, I could have flooded their error-logging system with huge sized error reports.

P.S. - I tried a lot to explain to them how it could be exploited and how much it may impact them; still they weren't interested and closed the report as "Informative".

#vulnerability #infosec #cybersecurity #hackerone
Anirudh Kaushal
I am happy to tell you that my team "JIIT Noida_3rr0r_4o4_No7_f0uNd" is among the top 13 teams selected for the Grand Finale of Deloitte's Collegiate Cyber Threat Competition (CCTC), Technoutsav. It has been a great journey till now, with 3 rounds and over 19,000 participants. I would also like to thank my team members AMAN AHUJA and Sunny Dhama; without them I might not have reached this far. We look forward to performing to the best of our calibre in the upcoming round as well.

#Deloitte #JIIT #Technoutsav #CCTC