Hi! In the first attack you made, you said you repackaged the app. That means that user has to reinstall the app. So you can only do the attack if you have access to the actual device, correct? Nice explanation btw I really enjoyed it!
Thank you for your question! When talking about MiTM attacks, most people will understand it as a network attack where the attacker intercepts traffic from a victim (there are different ways to do so) and eavesdrops on the communication. The goal for the attacker is to listen in on data such as logins, or even edit data such as payments that are made. There's already a lot of techniques to prevent this e.g. browsers have built-in security features warning the users about this and SSL Pinning (without hardening from DG/iXG) will be enough. However, when we're talking about reverse engineering the idea is that the attacker performs a MiTM attack on their own device to listen in how the app communicates with its servers. The goal is to get a better understanding on how the server and app work together. This information can be used to plan a larger attack e.g. customized (modded) apps that make use of the service with additional features which are not desired by the app's developers, cheat in games, bypass license checks, etc.
The first attack u tried is one of the two approaches in minute 3:21? or this proxy server attack showed is another approach? can u please tell me how to run that first proxy server attack? Nice video
Thank you for the very in-depth breakdown, it gave me a better understanding of the whole thing.
Very nice technically in-depth video. Also it was a pleasant surprise to see Objective-C in a video from 2021 haha.
High-quality stuff!
Love it.
Amazing thorough explanation, really appreciated!
Hi! In the first attack you made, you said you repackaged the app. That means that user has to reinstall the app. So you can only do the attack if you have access to the actual device, correct?
Nice explanation btw I really enjoyed it!
Thank you for your question! When talking about MiTM attacks, most people will understand it as a network attack where the attacker intercepts traffic from a victim (there are different ways to do so) and eavesdrops on the communication. The goal for the attacker is to listen in on data such as logins, or even edit data such as payments that are made. There's already a lot of techniques to prevent this e.g. browsers have built-in security features warning the users about this and SSL Pinning (without hardening from DG/iXG) will be enough.
However, when we're talking about reverse engineering the idea is that the attacker performs a MiTM attack on their own device to listen in how the app communicates with its servers. The goal is to get a better understanding on how the server and app work together. This information can be used to plan a larger attack e.g. customized (modded) apps that make use of the service with additional features which are not desired by the app's developers, cheat in games, bypass license checks, etc.
very clear explanation, thank you
The first attack u tried is one of the two approaches in minute 3:21? or this proxy server attack showed is another approach? can u please tell me how to run that first proxy server attack? Nice video
😎
Gjmo de vdd vc v.
top😀
1r
No way this guy is a real person lmfao
🥰😍🥰😍🥰😍😘😍😘
A tip : you can watch series at Kaldrostream. I've been using them for watching lots of of movies these days.
@Eden Ronald definitely, have been watching on Kaldrostream for since november myself :)
Uug
Eu gosto de muito de jogo Robin Hood Robin Hood que eu gosto Robin Hood
Nada ver é english
Legal :D