# Crusader Research > Original security research from Crusader: recon, mobile, bug-class deep dives, and agentic security. Crusader Research publishes original, methodology-first security research from the team behind Crusader — an HTTP/S intercepting proxy for web, mobile, and AI-agent testing. Articles are written to be practical and reproducible. Every article is also available as clean Markdown: append `index.md` to any post URL. ## Articles - [Winning web race conditions with the single-packet attack](https://crusaderproxy.com/research/en/posts/winning-the-race-condition-bugs/): The exploit window for a race condition is often sub-millisecond, but network jitter between your requests is 1-10ms — so they get serialized and the bug looks dead. The single-packet attack collapses that jitter to zero. Here's the mechanism, the math, and where it pays. - [Tearing the APK apart: the static pass that finds a critical before you set a proxy](https://crusaderproxy.com/research/en/posts/reading-the-apk-static-analysis/): The APK on your disk is your target's source code, config, and secrets in one zip. One curl against a Firebase URL you grep out of strings.xml can be a world-readable database — the whole report, before you intercept a single request. Here's the static pass that finds it. - [SSRF past the easy filters: URL-parser confusion and the metadata endpoint](https://crusaderproxy.com/research/en/posts/ssrf-past-the-easy-filters/): The allowlist and the HTTP client parse your URL differently — that gap is where modern SSRF lives. Here's the exact parser-confusion payloads, the IMDSv2 token dance from inside a container, the gopher-to-Redis RCE chain, and why you confirm it out-of-band, not in the response body. - [Parameter mining: brute-forcing 65,000 inputs in 40 requests](https://crusaderproxy.com/research/en/posts/hidden-parameter-mining/): You can't send 65,000 candidate parameter names one per request — the target would rate-limit you into next week. Binary-search bucketing packs 128 names into one request and splits only the buckets that move the response. Here's the mechanism, the who-wins HPP table, and the mass-assignment payloads that turn a hidden field into admin. - [Line jumping: how a poisoned MCP tool hijacks a model that was never called](https://crusaderproxy.com/research/en/posts/mcp-security-auditing-your-ai-tools/): An MCP tool's description is loaded into the model's context at tools/list time — before the tool is ever invoked. That one protocol detail turns a description field into a prompt-injection payload that fires even if the user never touches the tool. Here's the mechanism, the attack classes, and the audit that catches them. - [IDOR lives in the second identifier: finding BOLA with two-account Shadow Replay](https://crusaderproxy.com/research/en/posts/finding-idor-bola-with-shadow-replay/): Everyone fuzzes the ID in the URL path; the ID in the path is usually the one the app actually checks. The access-control bug is hiding in the account_id in the body, the node(id:) resolver, the async PDF job, and the PUT you never sent. Here's where BOLA really lives and how to diff it in two accounts. - [Indirect prompt injection is SSRF for the agent era](https://crusaderproxy.com/research/en/posts/prompt-injection-is-the-new-ssrf/): SSRF is a server fetching an attacker's URL and trusting the response. Indirect prompt injection is an agent reading attacker content and trusting it as instructions. Same missing boundary between data and control — here are the exact gadgets, the encodings that beat filters, and why 'ignore previous instructions' stopped working years ago. - [The Android 14 CA move that broke every '/system/etc' pinning tutorial](https://crusaderproxy.com/research/en/posts/intercepting-mobile-apps-that-fight-back/): Since Android 14 the system CA trust store lives in an updatable APEX module, so remounting /system/etc/security/cacerts silently does nothing. That's why the classic 'copy your cert to /system' tutorials fail on new devices — plus the Flutter wall, native double-pinning, and the proxy-ignore detection trap. - [The richest recon target is a file you already downloaded](https://crusaderproxy.com/research/en/posts/passive-recon-from-proxy-history/): Passive recon isn't running quieter scans — it's re-reading the traffic you already captured. The JS bundle you loaded ships a source map that rebuilds the original codebase, a chunk manifest listing every hidden admin route, and a bootstrap state object with the current user's role. No new requests, nothing to detect. ## Series - Recon Notes (2): https://crusaderproxy.com/research/en/series/recon-notes/ - Mobile Lab (2): https://crusaderproxy.com/research/en/series/mobile-lab/ - Bug Class Deep Dives (3): https://crusaderproxy.com/research/en/series/bug-class-deep-dives/ - Agentic Security (2): https://crusaderproxy.com/research/en/series/agentic-security/ ## About Crusader - [Crusader](https://crusaderproxy.com/): the intercepting proxy these techniques are written for. - [Download Crusader (free)](https://crusaderproxy.com/#install): Windows, macOS, and Linux. - [Documentation](https://crusaderproxy.com/docs/): setup, identities, Shadow Replay, scope, and more.