Sensitive Data Leaked via Screenshots #2917
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cpholguera
reviewed
Oct 29, 2024
There was a problem hiding this comment.
Maybe we should generalize the title to cover for screenshots and screen recording.
|
@serek8 This might be useful for iOS: https://developer.apple.com/documentation/uikit/uiscreen/2921651-iscaptured
It seems this is used in this dependency called ScreenShield that allows to blur the screen in case a screenshot or screen-recording is happening while using the app: https://github.com/JayantBadlani/ScreenShield/blob/b71ea2010d7536d25cbf9bc3a802c114ae4dbf4d/Source/ScreenShield.swift#L28 But it doesn't work for iOS 18 as Seems the succcessor is now sceneCaptureState |
* Add frida option as it is more convenient * rm xposed, update link and add new references and numbering --------- Co-authored-by: Carlos Holguera <[email protected]>
…OWASP#2925) * - Refactored bash scripts in MASTG-DEMO-0013, MASTG-DEMO-0018, and MASTG-DEMO-0019 to use a shebang and redirect output to files. - Updated MASTG-DEMO-0013, MASTG-DEMO-0014, MASTG-DEMO-0018 and MASTG-DEMO-0019 to include assembly code and swift code decompiled by AI * fix broken links
* Create MASWE-0109.md * Update MASWE-0109.md * Create MASWE-0110.md * Create MASWE-0111.md * Create MASWE-0112.md * Create ASWE-0113.md * Rename ASWE-0113.md to MASWE-0113.md * Update MASWE-0111.md * Update MASWE-0113.md * Update MASWE-0109.md * Update MASWE-0110.md * Update MASWE-0111.md * Update MASWE-0112.md * Update MASWE-0113.md * Update MASWE-0111.md spelling fix * Apply grammar fixes from code review Co-authored-by: Jeroen Beckers <[email protected]> * Update MASWE-0109.md * Update MASWE-0109.md * Update MASWE-0110.md * Update MASWE-0110.md * Update MASWE-0111.md * Update MASWE-0112.md * Update weaknesses/MASVS-PRIVACY/MASWE-0113.md Co-authored-by: Jeroen Beckers <[email protected]> * Update weaknesses/MASVS-PRIVACY/MASWE-0109.md Co-authored-by: Sven <[email protected]> * Update weaknesses/MASVS-PRIVACY/MASWE-0111.md Co-authored-by: Sven <[email protected]> * Update MASWE-0112.md * Apply suggestions from code review by @cpholguera * fix md linter issues * updated content and created new weaknesses including references --------- Co-authored-by: Carlos Holguera <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]> Co-authored-by: Sven <[email protected]>
* fix android mappings * fix broken links
Remove the $ from commands in the style guide.
* Port MASTG test 0087 * Update texts * Update MASTG-TECH-0082: Enhance shared libraries identification and analysis * Add MASTG-TECH-0118: Obtaining compiler provided security features in iOS * Deprecate MASTG-TEST-0087 * Update MASTG-TEST-0x87 tests: Improve documentation on security features and testing steps for PIC, stack canaries, and ARC * Fix title * Fix typos and improve clarity on stack canaries and ARC --------- Co-authored-by: Carlos Holguera <[email protected]>
* Port a static test * Add a deprecation note * fix IDs and titles * Refine logging API test content for clarity and accuracy --------- Co-authored-by: Carlos Holguera <[email protected]>
* Add MASTG-TEST-0231 for weak encryption modes in Android * fix typo * fix ID * Update tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0231.md * Apply suggestions from code review Co-authored-by: Copilot <[email protected]> * Update tests-beta/android/MASVS-CRYPTO/MASTG-TEST-0231.md --------- Co-authored-by: Copilot <[email protected]>
* Rename and update mitigations using IDs and add index * Update mitigations to tests metadata * Add support for mitigations in cross-references and metadata generation * Add mitigations section to documentation and update navigation * Remove remediation section from MASTG-TEST-0204.md
* Port MASTG test 0019 * Fix markdown * Review feedback * Add Frida to trace traffic * Apply suggestions from code review * Refine MASTG-TEST-0x19-1.md for clarity on hardcoded HTTP URLs and their usage * Update covered_by references in MASTG-TEST-0019.md to reflect new test cases * Rename MASTG-TEST-0x19 test cases to MASTG-TEST-0233 through MASTG-TEST-0239 * update IDs * Update MASTG-TEST-0233 to modify title, improve evaluation and add related test references * Update MASTG-TEST-0239 note to clarify potential support for multiple weaknesses * Add --- at end of files for MASTG-TEST-0237, MASTG-TEST-0238, and MASTG-TEST-0239 * rm bare URL --------- Co-authored-by: Carlos Holguera <[email protected]>
* Added tool Apkleaks * fix lint * updated changes * updated tool ID * Update techniques/android/MASTG-TECH-0022.md * Update tools/android/MASTG-TOOL-0125.md --------- Co-authored-by: Appknox <[email protected]> Co-authored-by: Carlos Holguera <[email protected]>
Fixed link to Objective C Runtime documentation
Added 14 permissions: android.permission.THREAD_NETWORK_PRIVILEGED android.permission.RECORD_SENSITIVE_CONTENT android.permission.RECEIVE_SENSITIVE_NOTIFICATIONS android.permission.WRITE_VERIFICATION_STATE_E2EE_CONTACT_KEYS android.permission.READ_DROPBOX_DATA android.permission.WRITE_FLAGS android.permission.REPORT_USAGE_STATS android.permission.MANAGE_DISPLAYS android.permission.RESTRICT_DISPLAY_MODES android.permission.ACCESS_HIDDEN_PROFILES_FULL android.permission.GET_BACKGROUND_INSTALLED_PACKAGES android.permission.REGISTER_NSD_OFFLOAD_ENGINE android.permission.ACCESS_LAST_KNOWN_CELL_ID android.permission.USE_COMPANION_TRANSPORTS
* Update MASTG-TOOL-0056.md Updated keychain_dumper to be usable on rootless jb * Fix linting and url * Update tools/ios/MASTG-TOOL-0056.md --------- Co-authored-by: Carlos Holguera <[email protected]>
* Add deprecation notes for MASTG-TESTs * Add deprecated status to theme and extra sections in mkdocs.yml * Add support for 'deprecated' status in tags for markdown pages * Add status for tests in dynamic tables * Add draft banner for MASTG v2 tests and deprecated banner for MASTG v1 tests
* updated patching IPAs * update lint error * updated ID for fastlane * Extracted Sideloadly to a separate tool and restructured a bit * Fix linting * Reviewed fastlane and moved httptoolkit to different tool nr * Move files around * Fix linting * Fix tool collision * Fix broken link * Fix link * Update MASTG-TECH-0079: Change title and enhance instructions for obtaining a developer provisioning profile * Update MASTG-TECH-0090 and MASTG-TECH-0091: Revise titles and enhance instructions for injecting Frida Gadget and libraries into IPA files * Update MASTG-TECH-0092: Revise title and enhance instructions for repackaging and re-signing IPA files using Fastlane * fix IDs * Add MASTG-TECH-0119: Launching a repackaged app in debug mode * Update MASTG-TECH-0055: Replace previous title and redundant content. Fix IDs * Update MASTG-TECH-0090, MASTG-TECH-0091, and MASTG-TECH-0092: Enhance instructions for injecting Frida Gadget and streamline the installation process --------- Co-authored-by: Sven Schleier <[email protected]> Co-authored-by: Jeroen Beckers <[email protected]> Co-authored-by: Carlos Holguera <[email protected]>
* Update index.md * add r2con
|
Continued in #3112 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR closes #2695