Skip to content

etolstoy/ParseRevealer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ParseRevealer

Parse Revealer is a pentesting utility for Mac OS X that helps with analysis of Parse account used in an application under test. More info on attacking Parse is available in this article (russian version).

It has the following capabilities at the moment:

  • Validity checking of Parse Application ID and Client Key.
  • Getting the list of access permissions for custom Parse classes.
  • Revealing the structure of custom Parse classes with 'Find' permission set to 'YES',
  • Exporting all the revealed data to .txt.

WARNING: Parse Revealer can leave a trace in Parse classes - it adds new fields and objects when testing the corresponding permissions, so be careful.

Installation

The installation is simple - build and run the application in Xcode.

Usage

  1. Enter the applicationId and clientKey derived from the target app.
  2. Enter the names of Parse classes, also derived from the target, and click 'Save'. Basic Setup
  3. Go to the 'ACL Revealing' tab and click 'Reveal'. After a few seconds you'll see the list of access permissions for all saved classes. ACL Revealing
  4. Go to the 'Structure Revealing' tab, also click 'Reveal', and enjoy the structure of your classes. Structure Revealing
  5. On the last tab you can export all the revealed data to txt format. Export

Version

0.2

Author

Egor Tolstoy - @igrekde.

License

ParseRevealer is available under the MIT license. See the LICENSE file for more info.

Todo's

  • Browse through objects in a specified class,
  • Create, update and delete objects in a specified class,
  • Dump all the classes to different file formats,
  • Stable work with objects-defined ACLs.

About

Pentesting apps using Parse as a backend

Resources

License

Stars

Watchers

Forks

Packages

No packages published