Published in InfoSec Write-ups · Pinned
Recreating Cordova Mobile Apps to Bypass Security Implementations
Introduction: I have recently found that hybrid mobile applications are used by many organizations. Hybrid applications allow developers to create applications using the same technologies and even the same code with minor to no changes for different OS or platforms. …
Bug Bounty · 7 min read

Published in InfoSec Write-ups · Pinned
Bypassing Asymmetric Client Side Encryption Without Private Key
I recently wrote an article on how we can bypass client-side encryption. With the help of the PyCript Burp Suite extension, we can make manual and automated pentesting or bug bounty much easier on applications with client-side encryption. …
Bug Bounty · 7 min read

Published in InfoSec Write-ups · Mar 6
Manipulating Encrypted Traffic for Manual and Automation
Introduction: I have been doing the pentest of mobile and web applications and recently I found that many applications are implementing client-side encryption in both mobile and web applications. Earlier I hosted a simple JavaScript-based AES encryption and decryption script on GitHub. The script allows me to encrypt and decrypt the…
Pentesting · 7 min read