How did we get the lost phone to its owner by taking advantage of the security vulnerability?

By SahinSOLMAZ in CYBER SECURITY, Genel 0 Comment

Greetings friends,

After a long time, I wanted to share a little memory with you. I hope it will be an enjoyable article that you can read easily in a few minutes and will not tire you technically. :)

It was about 7-8 months ago. While walking home, my friend found a cell phone on the sidewalk at the beginning of the street. When he got home, he said he found a phone on the way, and we started talking about how we could get it back to its owner.

The options we found were:

  1. Handing over the cell phone to the police,
  2. Taking it to one of the shopkeepers in the vicinity,
  3. Waiting for the owner of the cell phone to reach us, or
  4. Looking for solutions that will allow us to reach the owner of our thoughts were, the phone :)

We have listed the order of the options from easy to difficult. Of course, when it comes to technical people, we prefer the last option, partly due to our nature. So we would find the owner of the phone! It sounds great, doesn’t it? But how! :)

Continue reading

Yolda bulduğumuz telefonu güvenlik açığından yararlanarak sahibine nasıl ulaştırdık?

By SahinSOLMAZ in CYBER SECURITY, Güvenlik 0 Comment

Selamlar dostlar,

Uzun bir aradan sonra sizlerle küçük bir anımızı paylaşmak istedim. Birkaç dakika içerisinde rahatlıkla okuyabileceğiniz ve teknik olarak sizi yormayacak keyifli bir makale olacağını umuyorum. :)

Bundan yaklaşık 7-8 ay kadar önceydi. Arkadaşım eve doğru yürürken, sokağın başındaki kaldırımda bir cep telefonu buluyor. Eve geldiğinde, yolda bir telefon bulduğunu söylüyor ve bu telefonu sahibine nasıl ulaştırabileceğimizi konuşmaya başlıyoruz.

İlk akla gelen seçenekler şunlar oluyor:

  1. Telefonu polise teslim etmek,
  2. Civardaki esnaflardan birisine teslim etmek,
  3. Telefonun sahibinin bize ulaşmasını beklemek ya da
  4. Bizim telefonun sahibine ulaşmamız. :)

Seçeneklerin sıralamasını ilk akla gelen ve kolaydan zora doğru sıralamış olduk. E tabî teknik kimseler olunca biraz da doğamız gereği biz son seçeneği tercih ettik. Yani telefonun sahibini biz bulacaktık! Kulağa çok hoş geliyor değil mi? Ama nasıl! :)

Continue reading

SSL Pinning Bypass for Android Apps on Windows with Frida

By SahinSOLMAZ in CYBER SECURITY, Genel, Güvenlik 0 Comment

after a long time hi again everyone!

recently, one of my friend has needed to test an Android application as detailed (checking its API requests). and asked me this need’s solution. then I did a test for SSL pinning bypass for an Android application on Windows with Frida. now I will explain all steps here for you.

just a short summary for SSL Pinning:

If the mobile application does not have SSL pinning, the attackers can read the HTTP packets going back and forth between the application and the server over the network with a proxy easly. For this stiation, the SSL pinning method is used, as a precaution. and as with everything, there are some solutions to bypass. we use Frida for SSL pinning bypass in this article. now let’s start!

requirements first:

  • Fiddler (Classic or Everywhere),
  • Python,
  • Frida,
  • Genymotion / Emulator or any other,
  • ADB  – Android Debug Bridge (if you prefer Genymotion, it already has adb tool.)


start:

Continue reading