Jump to content

niro

Senior Member
  • Posts

    372
  • Joined

  • Last visited

Reputation

1,161 Pro Member

6 Followers

Profile Information

  • iDevice
    iPhone 8 Plus
  • iOS Version
    9.1.0
  • Gender
    Not Telling
  • Location
    Seattle

Recent Profile Visitors

6,540 profile views
  1. Oh okay. It's the same as iOS 8 ? I didn't know if something newer had come out! Thank you
  2. Hello, I am looking to reverse Snapchat. Is there a way to decrypt iOS apps from the app store and get the libraries the appsl uses on iOS 10.3 I don't mean dumping the headers! Something that I can load up in hooper/Ida Thank you
  3. I hate bumping old posts but I need the download link
  4. Everyone's links don't work. Hopefully these do!
  5. Ahh sheet we leeching all your sh!t m7
  6. niro

    Build Source Code

    Im commenting for the source code C++ be like
  7. Keep saved data as tweak preferences and cydia sources? If that's the case then yes. Just delete yalu and resign it using a pc then re-jailbreak nothing will be erased or deleted
  8. repeater is an option within burp suite (should have mentioned that) but the repeater can repeat certain tasks (like a POST or a GET) without you having to physically do it over again lets say you search google on your phone and then you send it to the repeater you can keep repeating just that request from within burp so you dont have to do it on your phone
  9. Hello, user! Today I'm going to show you how I through this script together and how exactly I found it ! (url with the exploit for the followers will be up soon, (school project final ) Before we start off we must know what exactly this 'bot' does, and what it does is add the respected followers or likes to the share url or the username provided. If you are wanting to replicate this, or even replicate finding vulnerabilities you must understand that we aren't looking at the Instagram app at all, and instead we are targeting third party applications such as 'FollowGram' or 'InstaFamous' these applications provide the opportunity to use an in-game currency such as tokens or coins to redeem followers or likes. Now we need a way to attempt to manipulate the data to increase our coins or tokens, we can first try using our local storage (File manager) on our iOS or Android device, once you have that downloaded you can go ahead and locate the application and you can try to attempt to modify the data, but in most cases this doesn't work for various reasons such as when the application is loaded it checks your local application storage files and compares them to the server and if they are in the slightest different they will reset to the default value (usually this is the first test I do). Next is to MITM the application to try and find any PHP based exploits (which is the fun part) in order to intercept your application you will need to download a tool (Burp Suite is my personal favorite but there are many tools you can use, Charles and MITM-Proxy are a couple others. There are many tutorials online on how to configure this with your device. Once that is setup comes the testing and you have to be patient for this as every application doesn't work. (tutorial with vuln. application coming soon) But let's say you are trying to exploit your favorite application for Instagram followers. Once you have downloaded the application sign into your Instagram account and start intercepting the application, and here comes the part you need to pay attention to, when you have your application up and running you are going to want to do something in the application to get coins/tokens such as following someone or watching a video for 1 free coin, spending your coins, etc. If you have interception on correctly you will see JSON come up on your screen and this WILL vary for every application EXAMPLE OF JSON: {'user'='instagramuser123','follow'='TRUE','coins'='1'} or in some cases user=instagramuser123&follow=TRUE&coins=1 great it's in plain text JSON ! From here you can send this item to the repeater and just repeat this process which makes the server think you are following more people but in reality you are not and this will then increase your balance on the application. If you wanted to change the 'coins'='1' to 'coins'='100' you could try that aswell and see how it goes! Congrats! You found an exploit! But what if this doesn't work? What can I do? Well you can try spending your coins (which I have found effective) Lets say the JSON resembles this when you purchase followers {'action'='spendPoints','coins'='500'} or action=spendPoints&coins=500 well you know how these apps have "if you unfollow a user you will get 5 coins back" or whatever if we change the 'coins'='-500' we are basically saying 500 people unfollowed us so give me my coins back, and so it does . These are just a few of many tricks I have found while trying to find vulnerabilities within applications ! another thing I should have said is you are going to want to keep an eye out for POST requests instead of GET as I basically tell my self POST is for POSTing things to the server instead of GETting them. Most if not all exploits will be with a POST request If you have any questions let me know and I will try to help as much as I can I wont be giving out my personal exploits/scripts but I will be more than happy to help you make/find some Enjoy!
  10. Please Niro Check your KiK

  • Recently Browsing   0 members

    No registered users viewing this page.


    • Administrator |
    • Special Rank |
    • ViP Pro |
    • ViP Jailed |
    • ViP |
    • Cheater  |
    • Modder  |
    • Novice Cheater |
    • Rookie Modder |
    • Contributor |
    • Senior Member |
    • Member |
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy - Guidelines