GolfQuis: a golfing iOS game built by Boolex that leaks passwords
I was looking for a company to help me build a small prototype for an idea I had for a mobile application. So to find a company I asked around, and someone mentioned the company Boolex. I naturally wanted to check out the quality of their work before going any further.
They didn’t list any references, which was the first warning sign, but upon contact they mentioned they created the game GolfQuis for iOS.
My first tool of choice is usually mitmproxy, a Python application that can run as a proxy; it lets me inspect the traffic made by whichever clients connect to it.
To run it, you first need to get your computer and your device on the same network, then run mitmproxy -p 4242, and point the device to use the proxy with the IP of your computer, with the port of 4242.
I downloaded GolfQuis and listened in on the traffic. First, I created a user, and my username and password were sent to...