Yet another day night that curiosity and free time lead me to open burp and start lurking around. This time I will talk about my findings in another of those apps that makes commuting easier which name I agreed not to disclose.
It did not take long to find an interesting JSON response containing (among other things): Read more
After looking at Lyft, it was turn to check out Flywheel. Flywheel is yet another app to help you find cabs just as Uber does. During my pentest I found several serious security problems.
Yep, just like it sounds. Flywheel lets you set a default tip that will be added to the total cost so you don’t have to bother about tipping the driver. The app gives you several options (15%, 20%, 25%). When we set a tip, the request looks like this: Read more
As a regular user of apps like Lyft, Uber, Flywheel and anything that makes commuting more convenient, curiosity and free time lead me to open Burp and start lurking.
Lyft offers the option to enter coupons to get credit for rides. A way to attract new customers and retain current ones. The request to validate such coupons looks like this: Read more