
Re-Post : How I managed to gain access to The Indian Digital treasure – 3 Billion documents on Digilocker

Hi guys, this is a repost of the blog that was written on https://yetanothersec.com/blog/2020/06/03/digilocker-disclosure/ as the YAS portal is facing technical issues every now and then. Also, apologies for the bad quality of the screenshots; I will find the old files and update it later.

During the beginning of May 2020, there was a large commotion about the arogyasetu app and its security after a so-called “hack” by an infamous political hacker named Elliot Alderson. In light of all this, we at the YAS (Yet Another Security) community had some talks in our WhatsApp group. So, it turned out to be a discussion on techniques used for bypassing SSL pinning on mobile apps. This whole discussion made me curious about other apps from the Indian government, and since I have worked on similar projects outside of India, digilocker caught my attention. Hence, I downloaded the app, installed it on my test devices, and fired up my favorite toolset, Burp Suite + Frida. I used my homebrewed pinning bypass scr
