Home

Awesome

ParseRevealer

Parse Revealer is a pentesting utility for Mac OS X that helps with analysis of Parse account used in an application under test. More info on attacking Parse is available in this article (russian version).

It has the following capabilities at the moment:

WARNING: Parse Revealer can leave a trace in Parse classes - it adds new fields and objects when testing the corresponding permissions, so be careful.

Installation

The installation is simple - build and run the application in Xcode.

Usage

  1. Enter the applicationId and clientKey derived from the target app.
  2. Enter the names of Parse classes, also derived from the target, and click 'Save'. Basic Setup
  3. Go to the 'ACL Revealing' tab and click 'Reveal'. After a few seconds you'll see the list of access permissions for all saved classes. ACL Revealing
  4. Go to the 'Structure Revealing' tab, also click 'Reveal', and enjoy the structure of your classes. Structure Revealing
  5. On the last tab you can export all the revealed data to txt format. Export

Version

0.2

Author

Egor Tolstoy - @igrekde.

License

ParseRevealer is available under the MIT license. See the LICENSE file for more info.

Todo's