Tuesday, May 28, 2024

Facebook Implemented Whitehat Settings for Bug Hunters to Analyze Network Traffic

Facebook Implemented a New Whitehat Settings option to help bug hunters to analyze network traffic on Facebook, Messenger and Instagram Android applications.

You can enable the option from your own account for bug bounty purposes to detect server-side security vulnerabilities.

The new Whitehat Settings enables the security researchers to bypass Facebook’s Certificate Pinning security mechanism, reads the Facebook blog post.

Certificate pinning is a safe security measure to avoid the Man In Middle Attack to secure HTTPS connection. The method of pinning your trusted known certificate along with its fingerprint /serial number in a trusted store is called Certificate Pinning. You can get more details about certificate pinning here.

You can enable the Whitehat Settings option from the Facebook app, and the option is available only with Android client and not with iOS clients.

Whitehat Settings
Settings within the Facebook for Android app

Recently Facebook increased the payout for security researchers to encourage them to find high impact Vulnerabilities. For account takeover, Facebook has a reward of up to $40,000.

Facebook recently announced that they stored hundreds of millions of user’s password in plain text instead of masking it as a human-readable format.

Learn:Mastery Web Hacking and Bug Bounty Bundle

Website

Latest articles

Researchers Exploited Nexus Repository Using Directory Traversal Vulnerability

Hackers target and exploit GitHub repositories for a multitude of reasons and illicit purposes.The...

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles