Тэги:
#android_app_pentesting #android_app_hacking #android_pentesting #android_security #android_bug_bounty #bug_bounty #bug_bounty_methodology #bug_bounty_mobile #frida_tutorial_android #frida #pentesting_mobile_apps #pentesting_mobile #pentesting #bug_hunting #android_bug_bounty_tutorial #mobile_api_testing #mobile_api_security #mobile_security_appКомментарии:
hey katie! thank you for your content you are really helping - i have one question - why is my google nexus 6 different from the demonstration? i have slightly different apps and cannot access - even after GApps? i had to go into network internet>internet>androidwifi> the little pencil in the top right of the box> roggle the advanced options carrot
ОтветитьI registered by your link
Ответитьjust seeing this now I LOVE IT keep up the good work katie😚
ОтветитьCan't intercept native mobile app like facebook. But able to intercept via browser. Tried SSLUnpinning with Xposed Installer but still can't intercept native facebook app traffic. Can somebody help? thanks
ОтветитьI have an iPhone but can’t jailbreak it maybe because my iOS version or because it’s an iPhone 12. So thinking about doing this instead for bug hunting. Is there way to use burp with iPhone without jail breaking?
ОтветитьThanks for helping getting started with Android PT. Will surely share once i find a vaild bug. Thanks once again. Keep up the good work.
ОтветитьCảm ơn bạn mong bạn ra nhiều video về testing android . Tôi là sinh viên an toàn thông tin đến từ Việt Nam <3
ОтветитьHello guys I want to clone my phone one genymotion is that possible? Literally, I want to virtualize my phone.
ОтветитьOh god thank u so muchhh ...u saved my like u saved d world for mee u n angelll lol thankkk u so muchh hahha !!!
ОтветитьDon't think you can intercept app traffic directly anymore without modifying network_security_config.xml.
ОтветитьThis was really help full i watched a few videos about it, but you explained it very well and now its working finally , thankss
ОтветитьAwesome katie
ОтветитьAfter downloading, Genymotion is stuck at starting virtual device, does anyone have any idea how to solve it?
ОтветитьThanks for this video :)
ОтветитьThat's not bypassing ssl pining
You just installed certificate if the app encrypts the network internally you cannot intercept it through burp
I have't modify network when click to WiredSSID
ОтветитьThx Zo Usefull
ОтветитьLove watching your videos...........!!!!!!
💓💓💓💓💓💓💓💓💓💓💓💓
anyone know why you cannot configure manual proxy settings in android os ver 7.0 and above? 6.0 os instructions don't work and the manual says to open a wifi edit button which is not there. blogs have said this was changed for os 7.0 and above.
ОтветитьGenymotion is not free, isn't there some free alternative?
ОтветитьHello,is it illegal if i use free license of genymotion for bug bounty hunting ?
ОтветитьHey !! What about SSL Pinning ?? Any idea about this ?? I lost my whole damn week but didnt find any solution to intercept APPLICATION traffic ..
Ответитьthanks this video helped me setting my mobile env :)
ОтветитьPlease make more videos into Android bug hunting
Ответитьwe need more video for android bug bounty
ОтветитьBut the android version is 5 right?
So some apps won't be installed for testing ...
Wow cool, tysm ❤️❤️
Ответитьhi katie
first of all a big thanks for your great videos, I've learned a lot from them :)
but sadly I have a problem with setting up the burp to intercept the apps data :(
I first tried to use genymotion but it didn't work because it just fails while installing Gapps so I used memu instead then installed the burp cert and it captures data while using browser but for apps it just returns TLS errors in dashboard (the client failed to negotiate a TLS connection to ...)
I don't know what to do, please help me I really want to start android hacking :(
Hi,
Katie your video realy help me. Thank you for such a good contents.
Just discovered your channel. Love your work! I'm about to sign up but I just want to clarify - are you tied to a single bug bounty platform? Just asking because from what I understand, different platforms can cater to different regions/industries.
Ответитьkatie you are awesome
ОтветитьAre u using Android phone for this testing
ОтветитьYour videos are really cool and awesome. Just love it. Whats your Twitter account? I would love to follow you there.
ОтветитьCan i use burp in my mobile phone without a pc?
Ответитьhi katie wnted to ask i want to do both on ios and android bug bounty so is it necessary to have a mac for ios or an iphone is ok
ОтветитьWhere is time stamps
ОтветитьIts all amazing BUT all traffic is encrypted as i guess with SSL, and even with Frida half traffic from different apps are encrypted, i think i don't know something but looks not cool.
If it's possible and you'll show how to do it, it will be great
Thx for video
Maybe i don't right, nevermind :D
Thank you so much for sharing 👍
ОтветитьAmazing info katie, thank you so much!!
ОтветитьPlease make a video on Frida.
ОтветитьBeen wanting to get into android for a while now, the video really helped! Thanks a lot !!
btw, could you also make a tutorial on how to disable ssl pinning on mobile applications ?
great content you are the best
Ответитьcan please anyone explain what is an endpoint i am kinda confuse
ОтветитьThanks katie the video was amazing but I didn't understand the part in the end where you said google apps doesn't provide ssl bypass so why does yahoo have ssl bypass ? and in this way why don't other companies can do just like google so that no one can attack their application
ОтветитьMy ooxe extension not displaying on burp suite.
But other extensions are displaying.
What's the problem??