Testing for mobile
You can analyze mobile traffic to and from your own device for Whitehat bug bounty purposes. Enabling these Whitehat settings on your Facebook, Messenger, and Instagram mobile apps will make it easier for you to review the apps and find server-side vulnerabilities. Read more about this here. With these new settings, you can:
Enable proxy for Platform API requests (applies to Facebook on Android only)
Allow user installed Certificate Authorities
Choose not to use TLS 1.3 to allow you to work with proxies such as Burp or Charles, which currently only support up to TLS 1.2
These settings are configured in two places. The first is via the Web UI and the second is via the app UI. In other words, to access these settings from your mobile device, you must first enable them from your Facebook account through the Web. This topic will show you how to enable these settings.
NOTE:
For the security of your account, we advise turning these settings off when not testing our platform to find Whitehat bug bounty vulnerabilities.
Enable the settings via Web UI
Before you can access these settings from your mobile apps, you must first enable them through the Web UI. To enable these settings from the Web UI, follow these guidelines:
1. Go to https://www.facebook.com/whitehat/researcher-settings/
2. Enable settings (check all that apply):
   1. Enable the Whitehat Settings menu for your Facebook account
   2. Enable the Whitehat Settings menu for your Whitehat test accounts
3. Select which apps to apply these settings for (Facebook, Messenger, and/or Instagram). This is a multi-select option; check all that apply.
4. To ensure the settings show up in each mobile app, we recommend you sign out from each mobile app, close the app, then open the app and sign in again. The sign-in process will fetch the new configuration and setting updates you have just made. You only need to do this once, or whenever you make changes to these settings.
5. Enable these features from within each app. See the instructions for each of the Android apps below.
NOTE:
To test the Instagram app using these settings, you must first link your Instagram app with your Facebook app. For instructions on how to do that, click here.
© 2024 Meta