black-box-testing

1 article

sort: new top best

bug-bounty504 google358 xss310 microsoft301 facebook265 rce221 exploit213 malware168 apple164 cve142 account-takeover116 bragging-post102 privilege-escalation98 csrf92 phishing86 browser80 writeup78 supply-chain69 authentication-bypass69 dos68 stored-xss65 ssrf57 reflected-xss57 reverse-engineering55 react54 access-control52 aws49 input-validation49 cross-site-scripting48 docker47 cloudflare47 lfi47 web-security46 node46 ctf45 sql-injection45 smart-contract45 ethereum44 web-application44 web343 defi43 oauth43 race-condition40 open-source39 auth-bypass39 pentest39 cloud38 idor37 burp-suite36 info-disclosure36

0 7/10

Bypassing custom Token Authentication in a Mobile App

vulnerability

A security researcher bypassed a custom token-based rate-limiting protection in an Android application by using FRIDA to dynamically hook and overload the native token generation method at runtime, allowing brute-force attacks to succeed by circumventing rate-limit detection through method signature manipulation.

token-authentication brute-force rate-limiting android native-code frida method-overloading dynamic-instrumentation apk-analysis jadx ida reverse-engineering binary-analysis black-box-testing

FRIDA JADX IDA Burpsuite Genymotion Android ACME

medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 23 hours ago · details