App Code Injection

In this third and last part of my blog post series (about the vulnerabilities I discovered in the Top-200 iOS apps back in September of last year) I will talk about something even better than simply eavesdropping on insecure communication: manipulating the traffic. More specifically, today I will focus on injecting malicious code to trick the victim into giving away sensitive information.
Missing Certificate Validation

In my previous blog post, I described a rather simple setup that enables an attacker to re-route a victim’s network traffic using bettercap and observe clear-text HTTP communication via mitmproxy. Today’s blog post will describe how this setup can be extended to enable eavesdropping on certain encrypted connections.

Transport Socket Layer

Let’s start off by brushing up our knowledge on the Transport Socket Layer (TLS), which puts the s in https.
Sniffing Kickbase's Traffic

Last week, the German ZEIT ONLINE published an article about some of the work I did over the last couple of months here at Crissy Field: checking the Top-200 free iOS games for common vulnerabilities. As it turns out, more than half of these apps are vulnerable one way or another, mainly due to the lack of secure backend communication.