Explore techniques for exploiting web application APIs through Android apps in this 30-minute Black Hat USA 2013 conference talk. Learn how to use JRuby to manipulate APK code, bypass security measures implemented for mobile experiences, and leverage Burp Suite with its Ruby interface to identify API vulnerabilities. Discover methods for retrieving private keys, creating unlimited accounts on social networks, and utilizing custom cryptographic routines without deep implementation knowledge. Gain insights into real-world case studies demonstrating these attack vectors against popular applications.
Abusing Web APIs Through Scripted Android Applications
Overview
Syllabus
Black Hat USA 2013 - Abusing Web APIs Through Scripted Android Applications
Taught by
Black Hat
Related Courses
-
Scripting Android Applications for Social Botnet Creation - Network Exploitation Techniques
-
PRNG Pwning Random Number Generators in PHP Applications
-
When Security Gets in the Way - Pen Testing Apps That Use Certificate Pinning
-
A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
