From the course: Android App Security: A Structured Approach to Pen Testing
Application testing: Password change - Android Tutorial
Application testing: Password change
- [Instructor] Now that we have successfully attempted a brute force attack on this application, let's see what other tests we can run on this application using Burp Suite. So let us begin by logging into this application first. (typing noises) Before pressing login, let's turn the intercept off, and log in. Now, I can see that we have three options here: make a transfer, view account statement, and change the password. Let's see what we can do with the change password request. Here, it is directly prompting me to enter the new password, which in itself is a vulnerability because if the account is compromised or the device is compromised with an active session, the attacker can directly go ahead and change the password. So let's generate a request. Let me change the password to (typing noises) password at 123. Click on change password. And now I can see that the password is here. Let me just send this to Repeater,…