Thursday, May 26, 2022
CybersecFill

Facebook’s New Settings Allow Hackers To Easily Pentest Facebook, Instagram Mobile Applications

by Cybersecfill
March 28, 2019

Facebook has introduced a new feature in its platforms, designed to make it easier for bug bounty hunters to find security flaws in the Facebook, Messenger and Instagram Android applications.

With all Facebook-owned apps using a security mechanism such as Certificate Pinning to ensure integrity and confidentiality of the traffic, it is harder for white hat hackers and security researchers to intercept and analyze network traffic to find server-side security vulnerabilities.

What is Certificate Pinning

Certificate Pinning is a security mechanism designed to protect users of an application from network-based attacks by automatically rejecting any connection to a site that presents a bogus SSL certificate.
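The decision a pinning client makes, modelled as an added example (not code from Facebook or from this article): a chain that is trusted by the device can still be rejected because none of its keys matches a pin. The public keys are constructed byte strings standing in for real SPKI data, the `sha256/` pin form follows OkHttp's CertificatePinner, and the names `check_connection`, `trust_user_cas` and `pinning` are hypothetical.

```python
import base64
import hashlib


def pin_of(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(SubjectPublicKeyInfo)), prefixed OkHttp-style."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


# Constructed stand-ins for DER-encoded public keys (not real keys).
SERVER_LEAF = b"constructed-spki:app-server-leaf"
SERVER_CA = b"constructed-spki:public-ca"
PROXY_LEAF = b"constructed-spki:proxy-generated-leaf"
PROXY_CA = b"constructed-spki:proxy-ca"

SYSTEM_STORE = {pin_of(SERVER_CA)}   # CAs shipped with the OS
USER_STORE = {pin_of(PROXY_CA)}      # CA a tester installed on the device
# Pins compiled into the app: the expected CA key plus a backup key.
APP_PINS = {pin_of(SERVER_CA), pin_of(b"constructed-spki:backup-key")}

GENUINE = [SERVER_LEAF, SERVER_CA]       # chain ordered leaf -> root
INTERCEPTED = [PROXY_LEAF, PROXY_CA]     # chain presented by a proxy


def check_connection(chain, trust_user_cas=False, pinning=True):
    """Return (accepted, reason) for a chain of SPKI byte strings."""
    anchors = SYSTEM_STORE | (USER_STORE if trust_user_cas else set())
    # Step 1: ordinary validation, the chain must end at a trusted anchor.
    if pin_of(chain[-1]) not in anchors:
        return False, "untrusted root"
    # Step 2: pinning, at least one key in the chain must match a pin.
    if pinning and not any(pin_of(key) in APP_PINS for key in chain):
        return False, "pin mismatch"
    return True, "ok"


def demo():
    """Run the four cases that matter for an intercepted connection."""
    return {
        "genuine": check_connection(GENUINE),
        "proxy, defaults": check_connection(INTERCEPTED),
        "proxy, user CA trusted": check_connection(INTERCEPTED, trust_user_cas=True),
        "proxy, user CA trusted, pinning off": check_connection(
            INTERCEPTED, trust_user_cas=True, pinning=False),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the last case accepts the intercepted chain, which is why settings that relax these checks belong on a test device and should be switched off afterwards.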

How To Hack Facebook

Dubbed “Whitehat Settings,” the new option now lets researchers easily bypass Certificate Pinning on the Facebook-owned mobile apps by:

  • Disabling Facebook’s TLS 1.3 support
  • Enabling proxy for Platform API requests
  • Using user-installed certificates

“Choose not to use TLS 1.3 to allow you to work with proxies such as Burp or Charles which currently only support up to TLS 1.2,” Facebook says.

 

Whitehat Settings is not visible to everyone by default. Instead, researchers have to explicitly enable this feature for their Android apps from a web interface on the Facebook website, as shown.

“To ensure the settings show up in each mobile apps, we recommend you sign out from each mobile app, close the app, then open the app and sign in again. The sign in process will fetch the new configuration and setting updates you have just made. You only need to do this once, or whenever you make changes to these settings,” Facebook says.

How to Hack Instagram Using Facebook’s New Settings

If you want to test the Instagram app for security vulnerabilities using the newly-launched Whitehat Settings, you are first advised to link your Instagram app with your Facebook app.

It should be noted that Whitehat Settings are not meant for everyone to use, as they reduce the security of the Facebook apps installed on your device.

“For the security of your account, we advise turning these settings off when not testing our platform to find Whitehat bug bounty vulnerabilities,” says Facebook.

There are other companies that challenge hackers. Find the complete list of bug bounty programs here

Cybersecfill

An independent Nigeria cybersecurity blog.

8 Comments
business blog
3 years ago

I truly love your site.. Very nice colors & theme.
Did you develop this website yourself? Please reply back
as I’m looking to create my own personal website and want to know where you got this from or exactly what the theme is named.
Cheers!

0
Cybersecfill
Author
Reply to  business blog
3 years ago

Thank you!
No, I did not develop it myself.
Contact motiv8technologies http://www.motiv8technologies.com they did the work

0
write sample articles
3 years ago

I do not know whether it’s just me or if everyone else is encountering
problems with your website. It looks like some of the
text within your posts is running off the screen. Can someone else please provide feedback and let me know if this is happening to them too?
This could be a problem with my web browser because I’ve had this happen previously.
Thank you

0
sneakers.sneakers sale,
3 years ago

Hi there! Do you know if they make any plugins to safeguard against hackers?

I’m kinda paranoid about losing everything I’ve worked hard on. Any tips?

0
Cybersecfill
Author
Reply to  sneakers.sneakers sale,
3 years ago

Hi, I understand your fears but there is no plugin that can safeguard against hackers. You can only take precautionary measures.

0
shoes sale
3 years ago

Your method of describing the whole thing in this piece of writing is actually pleasant,
everyone can effortlessly understand it. Thanks a lot.

0
sneakers.sneakers sale,
3 years ago

This design is stellar! You most certainly know how to keep a reader entertained.
Between your wit and your videos, I was almost moved to
start my own blog (well, almost…HaHa!) Wonderful job.
I really loved what you had to say, and more than that,
how you presented it. Too cool!

0
Cybersecfill
Author
Reply to  sneakers.sneakers sale,
3 years ago

Thank you!!! Never too late to start your blog. Cheers

0