Finding Bugs in Mobile APIs

  20,131 views

InsiderPhD


Hey everyone! Welcome to another API video. Well, I promised more, didn't I! This week we're going to use the setup from the previous videos on iOS and Android, and actually use it to FIND BUGS! Mobile apps have some AMAZING first bugs that don't require complex technical skills, but instead perseverance!
Did you know this episode was sponsored by Intigriti? Sign up with my link: go.intigriti.com/katie. I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
- Resources -
A lot of people have told me that they struggle to find APIs to test, so I hope that this will help get you started! If you've only just joined us, here are the videos I recommend!
Top 10 API bugs: • Top 10 API Bugs (and W...
Enumerating APIs: • How To Do Recon: API E...
Finding Your First Bug: APIs: • Finding Your First Bug...
TomNomNom: • Who, What, Where, When...
FFUF: • How to use ffuf - Hack...
- Social Media -
Discord: / discord
Patreon: / insiderphd
Twitter: / insiderphd
- Patreon Shoutouts -
MechaInfoSec
Wardell Castles
rl1k
strongbeard
Lukáš Hájek
Gynvael
Ram
James Clee

Comments: 36
@luckythandel 3 years ago
You are doing such a good deed. Many of us are learning a lot from these videos. Thank you for doing it free.
@davicosta4931 3 years ago
Hey Katie, thanks for all your videos. Last weekend, I found my first bug! A business logic error, thanks to your videos. Unfortunately, it was a duplicate, but I'm very happy about this! Thanks again, love from Brazil!
@InsiderPhD 3 years ago
Nice work! A dupe is a bug, you just weren't quick enough this time! You CAN find bugs though, keep going and you'll get faster!
@nixsonblackstone7900 3 years ago
Thanks a lot Katie and God bless 👍
@omarelfarsaoui5498 3 years ago
Great work!
@user-or9lh2bi6x 3 years ago
Hi, top video! Just wanted to ask a question: both the Genymotion and Android Studio emulators do not support a lot of mobile apps because they have a different system architecture. Do you guys have any suggestions? I mean cloud or something else?
@jeffm623 3 years ago
Thank you :) For reference, something I still struggle with.. IDOR - Insecure direct object references
@learningwithtom4104 2 years ago
Hi Katie, You can directly edit from KZfaq video editor only & TRIM the final part. It's pretty easy & for a person like you, it should be damn easy. Look at some video if you need any clarification. Thanks for this video. Keep up the good work.
@hydraking8768 3 years ago
Katie Nice Work 👍
@abhhibirdawade9657 3 years ago
Katie, you're amazing!!!!!!!!!!!!!
@InsiderPhD 3 years ago
Aww, thank you so much, it means a lot to me!
@samudrasarma6555 3 years ago
Waiting for this video.
@InsiderPhD 3 years ago
I hope it was worth the wait!
@user-wd3ng2pt3z 3 years ago
Thanks for these videos, you are great ^_^. Can you make a video about any tools or programs (VPNs) that secure myself after penetration web site hacking? Thanks again.
@ahmadgiftred2048 3 years ago
Nice!
@avilashnandy9886 3 years ago
Hi Katie... I would like to thank you so so very much for introducing me to the iOS bug bounty setup... I somehow managed to set up my "hacking environment" even though I don't have a Mac... and had to browse through a lot of articles for understanding the Linux way of setting things up (it took me like 3-4 days to set it up).. I was just curious.. could you show some iOS-specific bugs that a beginner can look for? I read the "read ahead" articles given in the description of that video.. but was not able to understand them properly.. and was wondering if you could help me out with it (by making a video or just by referring to any other resources that I could go through).. thanks in advance. Much love from India
@InsiderPhD 3 years ago
FRIDA and webview bugs are great places to start. There's a video I recommend by Dawn Isabel on Bugcrowd's channel talking about iOS bug hunting; Spaceraccoon also has an article on iOS bugs. But don't worry, we'll be covering all of that in a later video :)
@avilashnandy9886 3 years ago
@InsiderPhD thank you so much 😃
@dasuntheekshana7599 3 years ago
Great ❤
@babay-mp4bq 3 years ago
Is it illegal to use free Genymotion for bug hunting?
@AjayKumar-xl4jc 3 years ago
Wah super
@elsakaydb6271 3 years ago
Great
@AjayKumar-xl4jc 3 years ago
Thanks😃girl for this video
@ayushxowealth 3 years ago
Nice
@amyqb117 3 years ago
Omg greaaaat
@ca7986 3 years ago
❤️
@Stas1983ful 3 years ago
Where is the GraphQL link?
@mr.kn0w1t4ll2 3 years ago
Yay Mobile !!
@rajatdutta8365 2 years ago
gr8 video
@realstar5979 3 years ago
Good
@ganeshkhairkar30 3 years ago
𝗹𝗼𝘃𝗲❤ 𝗙𝗿𝗼𝗺 🇮🇳𝗜𝗻𝗱𝗶𝗮
@tangducbao7309 3 years ago
Hello from a fan, I have a few questions:
- Do you need a rooted phone to perform a bug bounty?
- Do bounty platforms accept results from an emulation device like Genymotion?
- How do you extract the .apk from your real phone, with and without root?
@InsiderPhD 3 years ago
- Yes, usually, because of something called certificate pinning
- Yup
- You can go on APK downloading sites
@tangducbao7309 3 years ago
@InsiderPhD thank you 👍
@321aayushsoni 3 years ago
Hey Katie, Nice video but last 8 minutes or so are black screen, you must edit that out. after 31:20
@InsiderPhD 3 years ago
Thanks! I’m not a video editor so mistakes happen!