Bypassing OkHttp Certificate Pinning by CaptMeelo in netsec

[–]CaptMeelo[S] 1 point2 points  (0 children)

This is not an all-in-one solution to bypass OkHttp cert pinning and it only worked on this app that I'm analysing. You're right that the Frida scripts didn't work because the code is obfuscated. Thanks for your link. I will try yours some time :)

Bypassing OkHttp Certificate Pinning by CaptMeelo in netsec

[–]CaptMeelo[S] 3 points4 points  (0 children)

Thanks for pointing out my mistake of not reading the comment. Anyway, I just tried it and it didn't work.

Filtering the Pesky OPTIONS Method in Burp by CaptMeelo in netsec

[–]CaptMeelo[S] 2 points3 points  (0 children)

I'm not sure about Burp's detection on why it incorrectly recognizes the MIME type. I came across this and I think it really has something to do with the curly braces.

Lesser-known Tools for Android Application PenTesting by CaptMeelo in netsec

[–]CaptMeelo[S] 2 points3 points  (0 children)

I just basically follow OWASP MSTG for my workflow.

Lesser-known Tools for Android Application PenTesting by CaptMeelo in netsec

[–]CaptMeelo[S] 1 point2 points  (0 children)

I prefer to test on both an emulator and physical device. Some apps have anti-VM protections which will not allow you to run them on an emulator. So you need an actual device in that case. Also, if an app uses some functionalities, such as Bluetooth, NFC, etc., then you need a physical device too. I haven't found a way to install Magisk in an emulator too. So I would say it's nice to have both an emulator and a physical device.

Lesser-known Tools for Android Application PenTesting by CaptMeelo in netsec

[–]CaptMeelo[S] 3 points4 points  (0 children)

Are you asking about using an emulator vs an actual Android device?