About Jeroen Beckers
Jeroen Beckers is a mobile security expert working in the NVISO Software Security Assessment team. He travels around the world teaching SANS SEC575: iOS and Android Application Security Analysis and Penetration Testing and is one of the authors of the OWASP Mobile Application Security (MAS) project, which includes:
- OWASP Mobile Application Security Testing Guide (MASTG)
- OWASP Mobile Application Security Verification Standard (MASVS)
- OWASP Mobile Application Security Weakness Enumeration (MASWE)
Latest Articles
Using a custom root CA with Burp for inspecting Android N traffic
Android
TL;DR: Follow these steps to intercept traffic using Burp with a self-made root CA on Android (or any browser)…
Intercepting HTTPS Traffic from Apps on Android 7+ using Magisk & Burp
Android
Intercepting HTTPS traffic is a necessity with any mobile security assessment. By adding a custom CA to Android, this can…
A closer look at the security of React Native biometric libraries
Android
Many applications require the user to authenticate inside the application before they can access any content. Depending on the sensitivity…
How to analyze mobile malware: a Cabassous/FluBot Case study
Android
This blogpost explains all the steps I took while analyzing the Cabassous/FluBot malware. I wrote this while analyzing the sample…
Intercepting traffic from Android Flutter applications
Android
Update: The explanation below explains the step for ARMv7. For ARMv8 (64bit), see this blogpost. ⚠️ Update August 2022 ⚠️ An update…
Intercepting Flutter traffic on Android (ARMv8)
Mobile Security
In a previous blogpost, I explained my steps for reversing the flutter.so binary to identify the correct offset/pattern to bypass…
Intercepting Flutter traffic on iOS
Frida
My previous blogposts explained how to intercept Flutter traffic on Android ARMv8, with a detailed follow along guide for ARMv7.…
Proxying Android app traffic – Common issues / checklist (June 2025)
Uncategorized
Latest update: June 2025. During a mobile assessment, there will typically be two sub-assessments: The mobile frontend, and the backend…
New mobile malware family now also targets Belgian financial apps
Mobile Security
While banking trojans have been around for a very long time now, we have never seen a mobile malware family…
Intercept Flutter traffic on iOS and Android (HTTP/HTTPS/Dio Pinning)
Android
Some time ago I wrote some articles on how to Man-In-The-Middle Flutter on iOS, Android (ARM) and Android (ARM64). Those…
