Add references to reFlutter and fix codesign references #2903

Merged (3 commits) on Oct 1, 2024
4 changes: 2 additions & 2 deletions techniques/android/MASTG-TECH-0109.md
Expand Up @@ -10,7 +10,7 @@ In order to intercept Flutter HTTPS traffic, we need to deal with two problems:
- Make sure the traffic is sent to the proxy.
- Disable the TLS verification of any HTTPS connection.

There are generally two approaches to this: **reFlutter** and **Frida**.
There are generally two approaches to this: **@MASTG-TOOL-0100** and **@MASTG-TOOL-0001**.

- **reFlutter**: This tool creates a modified version of the Flutter module which is then repackaged into the APK. It configures the internal libraries to use a specified proxy and disable the TLS verification.
- **Frida**: The [disable-flutter-tls.js script](https://github.com/NVISOsecurity/disable-flutter-tls-verification) can dynamically remove the TLS verification without the need for repackaging. As it doesn't modify the proxy configuration, additional steps are needed (e.g. ProxyDroid, DNS, iptables, ...).
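Review bot: the rewritten sentence wraps the references in bold (`**@MASTG-TOOL-0100** and **@MASTG-TOOL-0001**`), whereas every other reference touched by this PR is written bare (e.g. `Apply the entitlement with @MASTG-TOOL-0114:`); if the reference macro already renders as a link with the tool name, the bold markers are redundant and should be dropped for consistency. Separately, this Android file points Frida at @MASTG-TOOL-0001 while the iOS counterpart in MASTG-TECH-0110 uses @MASTG-TOOL-0039; please confirm those are the intended per-platform Frida entries and not a copy-paste slip in one of the two files.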
Expand Down Expand Up @@ -77,7 +77,7 @@ There are generally two approaches to this: **reFlutter** and **Frida**.
- Select `Bind to address` to `All interfaces`.
- Request Handling -> support for invisible proxying.

4. Run the @MASTG-TOOL-0101 frida script.
4. Run the @MASTG-TOOL-0101 Frida script.

```bash
frida -U -f eu.nviso.flutterPinning -l disable-flutter-tls.js
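Review bot: the only change in this step is the capitalisation `frida` → `Frida`, while `@MASTG-TOOL-0101` is kept. Since this PR re-points every codesign reference from @MASTG-TOOL-0101 to @MASTG-TOOL-0114 (MASTG-TECH-0084, MASTG-TECH-0092, MASTG-TECH-0111, MASTG-TEST-0081), please confirm that @MASTG-TOOL-0101 now resolves to the disable-flutter-tls.js script named in the bullet list above and not to codesign; otherwise this step, and the identical step in MASTG-TECH-0110, would still link to the wrong tool page.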
2 changes: 1 addition & 1 deletion techniques/ios/MASTG-TECH-0084.md
Expand Up @@ -36,7 +36,7 @@ You'll find the debugserver executable in the `/usr/bin/` directory on the mount
</plist>
```

Apply the entitlement with @MASTG-TOOL-0101:
Apply the entitlement with @MASTG-TOOL-0114:

```bash
codesign -s - --entitlements entitlements.plist -f debugserver
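Review bot: documentation nit rather than a problem with the reference change, which is consistent with the other codesign fixes in this PR: the command `codesign -s - --entitlements entitlements.plist -f debugserver` uses ad-hoc signing (`-s -`), which differs from the identity-based re-signing described in MASTG-TECH-0092; a short clause saying that ad-hoc signing is sufficient here would save readers from wondering whether they need to substitute their own identity.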
2 changes: 1 addition & 1 deletion techniques/ios/MASTG-TECH-0092.md
Expand Up @@ -21,7 +21,7 @@ Next, we need to make sure that the Bundle ID in `Info.plist` matches the one sp

## Re-Signing

Finally, we use the @MASTG-TOOL-0101 tool to re-sign both binaries. You need to use _your own_ signing identity (in this example 8004380F331DCA22CC1B47FB1A805890AE41C938), which you can output by executing the command `security find-identity -v`.
Finally, we use the @MASTG-TOOL-0114 tool to re-sign both binaries. You need to use _your own_ signing identity (in this example 8004380F331DCA22CC1B47FB1A805890AE41C938), which you can output by executing the command `security find-identity -v`.

```bash
$ rm -rf Payload/UnCrackable\ Level\ 1.app/_CodeSignature
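Review bot: style point on the changed line: "we use the @MASTG-TOOL-0114 tool to re-sign" reads redundantly if the reference renders as the tool name; the sibling hunk in MASTG-TECH-0084 writes it as "Apply the entitlement with @MASTG-TOOL-0114:", so consider "we use @MASTG-TOOL-0114 to re-sign both binaries" here for the same phrasing.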
4 changes: 2 additions & 2 deletions techniques/ios/MASTG-TECH-0110.md
Expand Up @@ -10,7 +10,7 @@ In order to intercept Flutter HTTPS traffic, we need to deal with two problems:
- Make sure the traffic is sent to the proxy.
- Disable the TLS verification of any HTTPS connection.

There are generally two approaches to this: **reFlutter** and **Frida**.
There are generally two approaches to this: **@MASTG-TOOL-0100** and **@MASTG-TOOL-0039**.

- **reFlutter**: This tool creates a modified version of the Flutter module which is then repackaged into the IPA. It configures the internal libraries to use a specified proxy and disable the TLS verification.
- **Frida**: The [disable-flutter-tls.js script](https://github.com/NVISOsecurity/disable-flutter-tls-verification) can dynamically remove the TLS verification without the need for repackaging. As it doesn't modify the proxy configuration, additional steps are needed (e.g. VPN, DNS, iptables, WIFI hotspot).
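Review bot: the sentence now uses references (`**@MASTG-TOOL-0100** and **@MASTG-TOOL-0039**`), but the bullet list directly below still introduces the same two options with literal bold names (`**reFlutter**:` and `**Frida**:`). If the rendered reference names differ from those literals (for example a platform-qualified Frida entry), the bullets will no longer visibly match the sentence; either add the references to the bullets as well or keep the literal names in the sentence and place the references in the bullets. The bold markers around the references are also inconsistent with the bare references used in the other files of this PR.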
Expand Down Expand Up @@ -63,7 +63,7 @@ There are generally two approaches to this: **reFlutter** and **Frida**.
- Select `Bind to address` to `All interfaces`.
- Request Handling -> support for invisible proxying.

4. Run the @MASTG-TOOL-0101 frida script.
4. Run the @MASTG-TOOL-0101 Frida script.

```bash
frida -U -f eu.nviso.flutterPinning -l disable-flutter-tls.js
2 changes: 1 addition & 1 deletion techniques/ios/MASTG-TECH-0111.md
Expand Up @@ -7,7 +7,7 @@ To extract the entitlements from a MachO binary, the following tools can be used

- @MASTG-TOOL-0111
- @MASTG-TOOL-0105
- @MASTG-TOOL-0101
- @MASTG-TOOL-0114

The following examples use these tools on the main binary of @MASTG-APP-0028, which contains two architectures.

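Review bot: only the list entry changed from @MASTG-TOOL-0101 to @MASTG-TOOL-0114, while the sentence below says "The following examples use these tools on the main binary of @MASTG-APP-0028". Please check that the codesign example section further down this file (outside the hunk) was re-referenced as well; if it still carries @MASTG-TOOL-0101 in its heading or text, the tool list and the examples will point at different tool pages.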
2 changes: 1 addition & 1 deletion tests/ios/MASVS-RESILIENCE/MASTG-TEST-0081.md
Expand Up @@ -13,7 +13,7 @@ masvs_v1_levels:

## Static Analysis

You have to ensure that the app is [using the latest code signature format](https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format). You can retrieve the signing certificate information from the application's .app file with @MASTG-TOOL-0101. Codesign is used to create, check, and display code signatures, as well as inquire into the dynamic status of signed code in the system.
You have to ensure that the app is [using the latest code signature format](https://developer.apple.com/documentation/xcode/using-the-latest-code-signature-format). You can retrieve the signing certificate information from the application's .app file with @MASTG-TOOL-0114. Codesign is used to create, check, and display code signatures, as well as inquire into the dynamic status of signed code in the system.

After you get the application's IPA file, re-save it as a ZIP file and decompress the ZIP file. Navigate to the Payload directory, where the application's .app file will be.

2 changes: 1 addition & 1 deletion tools/generic/MASTG-TOOL-0100.md
Expand Up @@ -4,6 +4,6 @@ platform: generic
source: https://github.com/Impact-I/reFlutter
---

The [reFlutter](https://github.com/Impact-I/reFlutter) framework helps to reverse engineer Flutter apps using the patched version of the Flutter library, which is already compiled and ready for application repackaging. This library has a modified snapshot deserialization process that allows you to perform dynamic analysis.
The [reFlutter](https://github.com/Impact-I/reFlutter) framework helps to reverse engineer Flutter apps using the patched version of the Flutter library, which is already compiled and ready for application repackaging. This library has a modified snapshot deserialization process that allows you to perform dynamic analysis. reFlutter can also be used for intercepting Flutter HTTPS traffic.

You can install and use reFlutter by following [the official instructions](https://github.com/Impact-I/reFlutter?tab=readme-ov-file#install). More information is also available in the article ["Fork Bomb for Flutter"](https://swarm.ptsecurity.com/fork-bomb-for-flutter/) including details and practical examples.
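Review bot: the added sentence "reFlutter can also be used for intercepting Flutter HTTPS traffic." states the capability without pointing at the procedure; since this PR links MASTG-TECH-0109 (Android) and MASTG-TECH-0110 (iOS) to this tool page, add the back-references there, e.g. "reFlutter can also be used for intercepting Flutter HTTPS traffic, see @MASTG-TECH-0109 and @MASTG-TECH-0110.", so readers of the tool page find the steps.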
File renamed without changes.