A vulnerability that allows you to download the invoices of any phone number registered at Movistar. It was found using mitmproxy on the Android mobile app and is the result of a faulty OAuth authentication implementation.


Continuing with this post, we will now try to perform a MITM attack on the vulnerable subdomains with mitmproxy.


In this post I will explain how I managed to download the private key of an SSL certificate, essentially allowing me to install a valid copy of it on a personal server, and impersonate any website the original web server is hosting without triggering any validation errors.
