Abusing Web APIs Through Scripted Android Applications

Explore techniques for exploiting web application APIs through Android apps in this 30-minute Black Hat USA 2013 conference talk. Learn how to use JRuby to manipulate APK code, bypass security measures implemented for mobile experiences, and leverage Burp Suite with its Ruby interface to identify API vulnerabilities. Discover methods for retrieving private keys, creating unlimited accounts on social networks, and utilizing custom cryptographic routines without deep implementation knowledge. Gain insights into real-world case studies demonstrating these attack vectors against popular applications.