O'Reilly logo

Mobile Application Penetration Testing by Vijay Kumar Velu

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Runtime manipulation using Cycript

An essential part of our application assessment methodology is to ensure that the application is protected during runtime. This process of tracing, profiling, and debugging the execution of an app during runtime is called Instrumentation. It includes the following, but its not limited to them:

  • Boolean bypass (jailbreak/piracy detection)
  • Local authentication bypass
  • Extracting sensitive data during runtime, such as private keys, passwords, and so on
  • Accessing hidden content by force-loading view controllers
  • Malware analysis
  • Can be utilized during any custom encryption protocol

The Bypass login method

Let's now go ahead and exploit the vulnerabilities, which include local authentication bypass in the DVIA app.

Open the app ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required