Runtime manipulation using Cycript
An essential part of our application assessment methodology is to ensure that the application is protected during runtime. This process of tracing, profiling, and debugging the execution of an app during runtime is called Instrumentation. It includes the following, but its not limited to them:
- Boolean bypass (jailbreak/piracy detection)
- Local authentication bypass
- Extracting sensitive data during runtime, such as private keys, passwords, and so on
- Accessing hidden content by force-loading view controllers
- Malware analysis
- Can be utilized during any custom encryption protocol
The Bypass login method
Let's now go ahead and exploit the vulnerabilities, which include local authentication bypass in the DVIA app.
Open the app ...
Get Mobile Application Penetration Testing now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.