I have gone through some of your videos... I am now a huge fan , Can you release a video where an emulator cannot be detected by specific apps or can be detected as a real device?
In most cases there wouldn't be much difference in using websockets for a web app and an iOS app for all practical purposes. Once you are able to intercept network traffic from the iOS app (which I have covered in other videos on my channel), it's all just API requests that can be tested with Burp Suite just like any API.
Yes it is. It may not be easily bypassed in every app because some apps may have some more robust types of pinning implemented. In those cases, it may require some additional reverse engineering to figure it out, but most typical SSL pinning implementations can be bypassed with Frida or Objection.
There really isn't any single solution for that kind of thing. You would just need to know how to reverse engineer the application and use that information to create a custom Frida script to bypass those functions. I may be making a video sometime soon about reversing and writing custom Frida scripts, but you would have to use those skills to adapt them to your own situation.
If want to check out this lab, you can find it here: portswigger.net/web-security/websockets/cross-site-websocket-hijacking/lab
First comment here. Love your content. ❤
thank you for this!
Great work
Thanks!
I have gone through some of your videos... I am now a huge fan , Can you release a video where an emulator cannot be detected by specific apps or can be detected as a real device?
do you think you can do a video about websockets for an IOS app?
In most cases there wouldn't be much difference in using websockets for a web app and an iOS app for all practical purposes. Once you are able to intercept network traffic from the iOS app (which I have covered in other videos on my channel), it's all just API requests that can be tested with Burp Suite just like any API.
i know this is unrelated to the video but, is ssl security bypassable in android versions 11 and up?
Yes it is. It may not be easily bypassed in every app because some apps may have some more robust types of pinning implemented. In those cases, it may require some additional reverse engineering to figure it out, but most typical SSL pinning implementations can be bypassed with Frida or Objection.
@CorSecure do you know any guides for breaching more robust apps?
There really isn't any single solution for that kind of thing. You would just need to know how to reverse engineer the application and use that information to create a custom Frida script to bypass those functions. I may be making a video sometime soon about reversing and writing custom Frida scripts, but you would have to use those skills to adapt them to your own situation.
@CorSecure sounds like a great idea and very helpful thnx!