How I bypassed payment in one of the popular mobile APKs and got a free subscription

4 months ago 25

DEep

Hello hackers, I hope you are doing well. In this blog I’m gonna show you how I bypassed the payment in one of the popular talking applications. At the time of this writing, this application has over 4M+ downloads. Bypassing payment was quite easy.

Let’s do this.

One day I decided to learn to speak English. So, I searched on YouTube for how I can improve my English speaking. There, in one of the videos, the guy was sponsoring the talking application; obviously I had to pay a subscription fee to talk to the people. That caught my eye.

Immediately I went on the Play Store and searched for the application. I was astonished by the users it had. I thought the security of the application would be high. But still I decided to give it a try :)

As I had my mobile testing setup on NOX, the only thing I had to do was to set up the proxy and download the application.

All done. Now it’s time for playing with the application. First I tried for the account takeover vulnerability, as it’s one of my favorite vulnerabilities. But I didn’t succeed.

Immediately I moved to the payment functionality; there, I saw the subscription packages. I chose a random package and started capturing the request.

The request looked something like the below.

I just changed the actual_amount to 1 rupee.

And guess what!! It succeeded. Quite easy, hahaha.

Got the payment bypassed. And got the subscription package ;)

I never thought such a popular application might have such silly mistakes in their application.
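
The flaw described above is a server that trusts a client-supplied actual_amount. As an added example (not code from the application or from the original post), the sketch below puts that pattern next to a hardened one. The plan names, prices, order store and signed-callback format are assumptions for illustration, not any real payment gateway's API.

```python
import hashlib
import hmac

# Constructed sample data: plan ids, prices (in paise) and the secret are assumptions.
PLANS = {"monthly": 49900, "yearly": 399900}
GATEWAY_SECRET = b"constructed-demo-secret"
ORDERS = {}  # order_id -> {"plan": str, "amount": int, "paid": bool}


def create_order_vulnerable(order_id, body):
    # Pattern the post describes: the amount to charge is read from the request.
    amount = int(body["actual_amount"])
    ORDERS[order_id] = {"plan": body["plan"], "amount": amount, "paid": False}
    return amount


def create_order_hardened(order_id, body):
    # The price comes only from the server-side catalogue. A client amount that
    # disagrees is rejected, and is worth logging as a tampering signal.
    plan = body.get("plan")
    if plan not in PLANS:
        raise ValueError("unknown plan")
    if "actual_amount" in body and int(body["actual_amount"]) != PLANS[plan]:
        raise ValueError("amount mismatch")
    ORDERS[order_id] = {"plan": plan, "amount": PLANS[plan], "paid": False}
    return PLANS[plan]


def sign(order_id, amount_paid):
    # Hypothetical callback signature: HMAC-SHA256 over "order_id|amount".
    msg = f"{order_id}|{amount_paid}".encode()
    return hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()


def confirm_payment(order_id, amount_paid, signature):
    # Activate only when an authentic callback reports the full catalogue price.
    order = ORDERS.get(order_id)
    if order is None or order["paid"]:
        return False
    if not hmac.compare_digest(sign(order_id, amount_paid), signature):
        return False
    if amount_paid != PLANS[order["plan"]]:
        return False
    order["paid"] = True
    return True
```

Because confirm_payment compares against the catalogue rather than the stored order amount, an order created with a tampered amount still cannot activate a subscription.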

Now I learned one thing: what we think is not what actually is. In my case, if I hadn’t thought of giving it a try, I wouldn’t have been able to discover this vulnerability.

I hope you gained some knowledge or learned something new.

If you wanna connect with me on LinkedIn, here it is.

If this blog added some value to your learning journey, don’t forget to hit the clap button👏👏

Thank you for reading this blog😄😊 See you in the next blog 🙌🙌.

HAPPY HACKING ❤️❤️
