Table of Contents
Android Pentesting
Android Pentesting Sources from Hacking articles
- https://www.hackingarticles.in/android-penetration-testing-apk-reverse-engineering/
- https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
- https://www.hackingarticles.in/android-pentest-deep-link-exploitation/
- https://www.hackingarticles.in/android-penetration-testing-webview-attacks/
- https://www.hackingarticles.in/android-penetration-testing-frida/
- https://www.hackingarticles.in/android-pentest-lab-setup-adb-command-cheatsheet/
- https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/
- https://www.hackingarticles.in/android-penetration-testing-drozer/
- https://www.hackingarticles.in/android-pentest-automated-analysis-using-mobsf/
One-liner to extract URLs from an APK
apktool d com.uber.apk -o uberAPK; grep -Phro "(https?://)[\w\,-/]+[\"\']" uberAPK/ | sed "s#[\"']##g" | anew | grep -v "w3\|android\|github\|schemes.android\|google\|goo.gl"
Looking for an easy way to open arbitrary URLs in Android apps?
- Download jadx decompiler and install adb
- Open AndroidManifest.xml
- Find all browser activities (must contain )
- Run "adb shell am start -n app_package_name/component_name -a android.intent.action.VIEW -d http://google.com" for each of the activities (or use any of your own domains). Also watch in Burp for any requests to http://google.com or your domain
- If the domain is opened, you have found a vulnerability. Now inspect the request: if it contains any auth tokens, you have an account takeover. If not, try different techniques to obtain any PII. In the worst case you will get a reward comparable to an XSS
- If the app simply opens arbitrary links, use http://google.com in step 4
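The steps above can be scripted: parse the decompiled AndroidManifest.xml, keep only activities whose intent-filter declares both android.intent.action.VIEW and android.intent.category.BROWSABLE, and emit one adb command per activity whose declared scheme matches the test URL. This is an added example for these notes, not code from the linked articles; the manifest, package name and activity names in it are constructed for illustration.

```python
"""Find BROWSABLE VIEW activities in an AndroidManifest.xml and build the
`adb shell am start` commands used to test whether each opens an arbitrary URL.
Added example code; the sample manifest below is constructed, not a real app."""
import shlex
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
VIEW_ACTION = "android.intent.action.VIEW"
BROWSABLE = "android.intent.category.BROWSABLE"

# Constructed manifest: one http/https browser activity, one custom-scheme deep
# link activity, and a launcher activity that should be ignored.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <activity android:name=".WebActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="http"/>
        <data android:scheme="https"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.app.DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="exampleapp" android:host="open"/>
      </intent-filter>
    </activity>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""


def attr(elem, name):
    """Read an android:-namespaced attribute (None if absent)."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def browsable_activities(manifest_xml):
    """Return (component, schemes) for each activity reachable via VIEW + BROWSABLE."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    results = []
    for activity in root.iter("activity"):
        # An activity with an intent-filter is exported unless explicitly disabled.
        if attr(activity, "exported") == "false":
            continue
        name = attr(activity, "name")
        component = package + name if name.startswith(".") else name
        schemes = []
        for flt in activity.findall("intent-filter"):
            actions = {attr(a, "name") for a in flt.findall("action")}
            categories = {attr(c, "name") for c in flt.findall("category")}
            if VIEW_ACTION in actions and BROWSABLE in categories:
                schemes.extend(attr(d, "scheme") for d in flt.findall("data") if attr(d, "scheme"))
        if schemes:
            results.append((component, sorted(set(schemes))))
    return results


def adb_commands(manifest_xml, url):
    """One `adb shell am start` command per activity that accepts the URL's scheme."""
    scheme = url.split(":", 1)[0]
    package = ET.fromstring(manifest_xml).get("package")
    cmds = []
    for component, schemes in browsable_activities(manifest_xml):
        if scheme in schemes:
            cmds.append(
                f"adb shell am start -n {package}/{component} "
                f"-a {VIEW_ACTION} -d {shlex.quote(url)}"
            )
    return cmds


if __name__ == "__main__":
    for component, schemes in browsable_activities(SAMPLE_MANIFEST):
        print(component, schemes)
    for cmd in adb_commands(SAMPLE_MANIFEST, "http://google.com"):
        print(cmd)
```

Run it against the manifest jadx produced for the target instead of SAMPLE_MANIFEST and feed the printed commands to a shell; the custom-scheme activity is listed but gets no command for an http:// URL, which is why checking the declared scheme matters before spraying intents.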
SSL Pinning via Frida
TikTok Click RCE
Android Reverse Engineering