In this video 'Swing VPN' is freshly installed from the Play Store and monitored by mitmproxy. Right after application startup, language selection and acceptance of the privacy policy, the application starts to figure out the 'real IP address' by making a request to both Google and Bing with the query "what is my ip".
My guess is that the application just parses the returned HTML and extracts the IP from those responses. This IP lookup is needed, as we will see later, to figure out which config files to load. The application loads various configs and performs different actions based not only on the country or region of the user but also on the internet provider within that region.
After the required config type is determined, in this video Swing VPN makes a couple of requests to 2 different config files stored in a personal Google Drive account of the app creator. The config files are requested from various private servers, a couple of GitHub repositories or a couple of Google Drive accounts.
My guess is that the config file location could be determined by time of day, but I have not spent any time confirming that as it is not essential. As soon as the configs are retrieved the application connects to an ad network to load advertisements. This concludes the application initialization process. After this the application stores data in a local cache and proceeds to DDoS a website returned from the config. And this is how the app behaves over time after being closed.
Hint: it still tries to do the DDoS even though it is not being used. From this log we can see that the app is requesting a specific endpoint, 'tm/flights/search'.
Since flight search is a really intensive task that requires a lot of database and server resources, it is clear that the intention is to starve the server of resources so that normal users won't be able to access it when needed. And even though 1 request every ten seconds might look like it is not doing a DDoS, the problem is the total install base. At the beginning of June 2023 it has over 5 million installs on Android, and even if you split it by 10 it has a potential of 500k RPS. Which is quite impressive to have to handle for a small website written probably in PHP.
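The pattern described above, one request every ten seconds from each installed copy against one expensive endpoint, is easy to miss per client and only becomes visible when you look at cadence across many clients. The following script is an added example, not code from the original post or from the app: it parses constructed nginx-style access log lines, flags every client whose requests to a path arrive at a near-constant interval (a "beaconing" test based on the coefficient of variation of the gaps), groups those clients by path, and projects the aggregate request rate from an install base and per-client interval. All IP addresses, timestamps and the query string are constructed for the example; the `/tm/flights/search` path is the one named in the post.

```python
"""Spot a low-and-slow, distributed request pattern in web server access logs.

Added example (not code from the original post). Log lines, IPs and timestamps
below are constructed; only the /tm/flights/search path comes from the post.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Common nginx/Apache "combined"-style access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)


def _line(ip, hhmmss, target):
    """Build one constructed log line (helper for the sample data only)."""
    return f'{ip} - - [05/Jun/2023:{hhmmss} +0000] "GET {target} HTTP/1.1" 200 512'


SEARCH = "/tm/flights/search?from=AAA&to=BBB"  # constructed query string

# Three clients hit the search endpoint every 10 s; one visitor browses normally.
SAMPLE_LOG = "\n".join([
    _line("203.0.113.10", "10:00:00", SEARCH),
    _line("198.51.100.7", "10:00:01", "/"),
    _line("203.0.113.11", "10:00:03", SEARCH),
    _line("198.51.100.7", "10:00:04", "/about"),
    _line("203.0.113.12", "10:00:05", SEARCH),
    _line("203.0.113.10", "10:00:10", SEARCH),
    _line("203.0.113.11", "10:00:13", SEARCH),
    _line("203.0.113.12", "10:00:15", SEARCH),
    _line("203.0.113.10", "10:00:20", SEARCH),
    _line("198.51.100.7", "10:00:20", SEARCH),
    _line("203.0.113.11", "10:00:23", SEARCH),
    _line("203.0.113.12", "10:00:25", SEARCH),
    _line("203.0.113.10", "10:00:30", SEARCH),
    _line("203.0.113.11", "10:00:33", SEARCH),
    _line("203.0.113.12", "10:00:35", SEARCH),
])


def parse_log(text):
    """Return a list of (client_ip, timestamp, path) tuples; query strings are dropped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        records.append((m["ip"], ts, urlsplit(m["target"]).path))
    return records


def find_beaconing_clients(records, min_requests=3, max_cv=0.2):
    """Return {path: [(ip, mean_gap_seconds), ...]} for clients whose requests to a
    path arrive at a near-constant cadence (std-dev / mean of the gaps <= max_cv)."""
    by_client = defaultdict(list)
    for ip, ts, path in records:
        by_client[(ip, path)].append(ts)
    beacons = defaultdict(list)
    for (ip, path), times in by_client.items():
        if len(times) < min_requests:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        if statistics.pstdev(gaps) / mean <= max_cv:
            beacons[path].append((ip, mean))
    return dict(beacons)


def projected_rps(install_base, interval_seconds, active_fraction=1.0):
    """Aggregate requests per second if active_fraction of the install base each
    send one request every interval_seconds seconds."""
    return install_base * active_fraction / interval_seconds


if __name__ == "__main__":
    beacons = find_beaconing_clients(parse_log(SAMPLE_LOG))
    for path, clients in beacons.items():
        print(f"{path}: {len(clients)} beaconing client(s)")
        for ip, gap in clients:
            print(f"  {ip} every {gap:.1f}s")
    print(f"5M installs at 1 req/10s -> {projected_rps(5_000_000, 10):,.0f} RPS")
```

On the constructed log the three `203.0.113.x` clients are reported under `/tm/flights/search` with a 10.0 s cadence, while the ordinary visitor is not flagged (its single search request and irregular browsing never pass the regularity test). The same grouping by path is what turns "one request every ten seconds" into an actionable signal: a large number of distinct client IPs sharing one cadence against one heavy endpoint is a rate-limiting and blocking decision at the edge, independent of any single client's rate. `projected_rps(5_000_000, 10)` reproduces the post's 500k RPS figure for the full install base.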
Sidenote: the app does not respect privacy. While doing this small investigation I found out that the application does not care about privacy. It probably added the button 'I accept the privacy policy' just to make the Play Store accept the application, but in reality it is just a button that does not do anything.
So we just went through the outer look of how the app performs its actions related to DDoS'ing other websites. But I could have installed some other application in the background, perhaps with a similar icon, which did all the nasty things just to fool you. So now let's dive deeper inside the application and the actual configurations stored in it, which you can do yourself to verify that it is indeed 'Swing VPN – Fast VPN Proxy' that is responsible for all these actions.
Some general facts about the Android APK: the application uses two custom native libraries just to obfuscate its functionality and complicate the reverse engineering process.