App Code Injection

Thomas Jansen on Feb 1, 2018 — 5 min read

In this third and last part of my blog post series (about the vulnerabilities I discovered in the Top-200 iOS Apps back in September of last year), I will talk about something even better than simply eavesdropping on insecure communication: manipulating the traffic. More specifically, today I will focus on injecting malicious code to trick the victim into giving away sensitive information.


Missing Certificate Validation

Thomas Jansen on Dec 14, 2017 — 6 min read

In my previous blog post, I described a rather simple setup that enables an attacker to re-route a victim’s network traffic using bettercap and observe clear-text HTTP communication via mitmproxy. Today’s blog post will describe how this setup can be extended to enable eavesdropping on certain encrypted connections.

Transport Socket Layer

Let’s start off by brushing up our knowledge on the Transport Socket Layer (TLS), which puts the s in https.


Sniffing Kickbase's Traffic

Thomas Jansen on Nov 9, 2017 — 6 min read

Last week, the German ZEIT ONLINE published an article about some of the work I did over the last couple of months here at Crissy Field: checking the Top-200 free iOS games for common vulnerabilities. As it turns out, more than half of these apps are vulnerable in one way or another, mainly due to the lack of secure backend communication.
