Hacking Fantasy Sports Sites - Mobile App Security Vulnerabilities

Dive into the world of mobile application security with this 46-minute conference talk that exposes vulnerabilities in fantasy sports apps. Learn how to exploit weaknesses in popular Fantasy Football and Baseball mobile applications, manipulate team lineups, and post false comments on message boards. Explore the anatomy of a hack, focusing on JSON and REST formats, and discover how familiar vulnerabilities like SQL and command injection persist in mobile environments. Gain insights into various communication formats, including SOAP, GWTk, and AMF, and understand how to set up a testing environment using tools like WiFi Pineapple. Walk away with practical knowledge on mobile back-end hacking techniques, automation tools, and real-world examples of vulnerabilities in current mobile apps. Receive a comprehensive whitepaper detailing the complete setup demonstrated in the talk.

Intro
Hacking Mobile Apps: WiFi Pineapple
Hacking AMF: Raw traffic AMF is a binary format
Trusting the client
Allowing lifetime sessions
No curfew for requests
Avoiding the 7 Deadly Sins
Hacking Mobile Apps: Fantasy Football
WiFi Pineapple Giveaway!!
Hacking Mobile Apps: The ideal setup