Deeplink

What is a Deep Link?

A deep link is a link that takes you directly to a specific piece of content rather than to a site's front page. Most web links are deep links.

Example: a plain link versus a deep link


What is WebView?

The WebView class is an extension of Android's View class that allows you to display web pages as a part of your activity layout. It does not include any features of a fully developed web browser, such as navigation controls or an address bar. All that WebView does, by default, is show a web page.

Twitter using a WebView to load the site.

For testing, we will be using the vulnerable WebView application to learn how to manually exploit WebViews in Android applications. The login credentials are username: vuln and password: webview (in case we need them).


Janus

CVE-2017-13156

A serious vulnerability in Android allows attackers to inject a DEX file into an APK file without affecting its signature, i.e. to modify the code of an application while its signature still verifies.

This can be exploited because an Android Package file can be a valid APK file and a valid DEX file at the same time.

This problem was named Janus, after the Roman god of duality.

Janus vulnerability

The Janus vulnerability comes from the possibility of adding extra bytes to APK files and to DEX files.

On the one hand, an APK file is a zip archive, which can…


Insecure logging

Before we get started, make sure you have Genymotion set up. If not, follow this guide to set up and configure Genymotion on Linux.

PID Cat

Process ID (PID) Cat is a logcat wrapper script that shows only the log entries belonging to the processes of a specific application package.

Installing PID Cat:

# Download pidcat and make it executable
sudo wget -O /usr/local/bin/pidcat https://raw.githubusercontent.com/JakeWharton/pidcat/master/pidcat.py && sudo chmod +x /usr/local/bin/pidcat

To use PID Cat, you need to pass the application identifier (package name), which is unique for each application, e.g. com.whatsapp for WhatsApp.


source: KeyCDN

Web Cache

If a server had to send a new response to every single HTTP request separately, this would likely overload the server, resulting in latency issues and a poor user experience, especially during busy periods. Caching is primarily a means of reducing such issues.

The cache sits between the server and the user, where it saves (caches) the responses to particular requests, usually for a fixed amount of time.

If another user then sends an equivalent request, the cache simply serves a copy of the cached response directly to the user, without any interaction from the back-end.

This greatly eases the…


Android pentesting requires a dedicated environment that provides access to a rooted Android device. Let us see how to set one up easily using free tools.

Genymotion

When starting out, Android emulators are a great way to gain experience with a variety of devices at different API levels without spending much. Genymotion provides exactly that for free, with a good user experience and easy configuration.

Note: Genymotion uses VirtualBox as its core to virtualize Android operating systems, so please install VirtualBox on your system before proceeding: link

Genymotion requires user registration to use its…


Before we get started, we need the APK, which can be extracted from the device after installing the application through the Play Store, or downloaded from online sources.

For the practical, we will be looking for a hardcoded Google API key.

Now, let's start analyzing the application by opening it in Jadx (check this post to set up the tool).

Note: In most cases, hardcoded secrets will be found in AndroidManifest.xml and strings.xml; make sure you check the raw folder for secrets as well.

so if you go through the resources.arsc/res/values/strings.xml …


Android Security

Overview of Android Architecture

Android is an open source, Linux-based software stack created for a wide array of devices and form factors. The following diagram shows the major components of the Android platform.


SAML is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP), which means that you can use one set of credentials to log into many different websites. It's much simpler to manage one login per user than to manage separate logins for email, customer relationship management (CRM) software, Active Directory, etc.

SAML transactions use Extensible Markup Language (XML) for standardized communications between the identity provider and service providers. SAML is the link between the authentication of a user’s identity and the authorization to use a service.

What is SAML used for?


SST

Introduction

Template Injection, also known as Server-Side Template Injection (SSTI), is a vulnerability class that has established the foundations for exploitation techniques across multiple template engines. Exploiting this type of issue requires specific knowledge of the template library or the language being used under the hood.

First, let us start with an introduction to the vulnerability, which is needed to get a good understanding of the attack patterns and to recognize potential vulnerabilities.

Template Injection

A template engine enables you to use static template files in your application. At runtime, the template engine replaces variables in a…

Kal

Security Enthusiast
