76
Teosz
3y

Oh God NO! Please tell me it is not normal for an Android app cumminacating with a rest API to send my login credentials in a fucking GET request!

Comments
  • 7
    Lol. not even in a header or anything. Just ram it in the URL there.
  • 2
    Aaahh just put it in the URL params, if someone ever see it he would definitely have the skills to bypass our security layer so why bother..
  • 3
    P.s : what app is it? Just to remove it in case 😅
  • 1
    Whats the app ?
  • 3
    App of the Hungarian post. Another masterpiece.
  • 2
    @divil
    Argh, ducking autocorrect ;)
  • 3
    @divil
    Nope sometimes it just fucks things up. Or I am a retarded and can't use it... Or both.
  • 2
    IT BURNS MY EYES.

    Seriously. Who is responsible for this atrocity?
  • 2
    @nukasev
    If I have to guess the one guy who did the web interface as well. (I've ranted about it previously.) But I guess it is better for him to stay unknown.
  • 2
    When satan starts making Android apps.
  • 1
    @NyxMC yep and the fact that they use plain HTTP is the real fuckup
  • 1
    Brought to you by...

    ...Me!

    Sometime ago...
    XD
  • 1
    Just be thankful the app is communicating with a rest API and not directly to database, I have a friend said he was recently asked to do that 😒
  • 3
    Hah! Now we have an estimate of your passwords length
  • 1
    @NyxMC @gnaaah @runfrodorun
    It is using https the packet capturer uses SSL stripping. :D
    So I guess it is OK then?
  • 1
    @Teosz I think you mean HTTPS decryption ;)
    Stripping would just leave you with the domain and nothing more
Add Comment