The WebView class is an extension of Android's View class that allows you to display web pages as a part of your activity layout. It does not include any features of a fully developed web browser, such as navigation controls or an address bar. All that WebView does, by default, is show a web page.
For testing, we will be using the vulnerable WebView application to learn how to manually exploit WebViews in Android applications. The login credentials are username: vuln and password: webview (in case they are needed).
A serious vulnerability in Android allows attackers to inject a DEX file into an APK file without affecting the signatures (i.e. modify the code of applications without affecting their signatures).
This can be exploited because an Android package file can be a valid APK file and a valid DEX file at the same time.
This problem was named Janus, after the Roman god of duality.
The Janus vulnerability comes from the possibility of adding extra bytes to APK files and to DEX files.
On the one hand, an APK file is a zip archive, which can…
Before we get started, make sure you have Genymotion set up. If not, follow this guide to set up and configure Genymotion on Linux.
Process ID (PID) Cat is a logcat script that only shows log entries for processes belonging to a specific application package.
Installing PID Cat:
# Download pidcat and make it executable
sudo wget -O /usr/local/bin/pidcat https://raw.githubusercontent.com/JakeWharton/pidcat/master/pidcat.py && sudo chmod +x /usr/local/bin/pidcat
To use PIDCat, you need to pass the app identifier, which is unique to each application, e.g. for WhatsApp: com.whatsapp
If a server had to send a new response to every single HTTP request separately, this would likely overload the server, resulting in latency issues and a poor user experience, especially during busy periods. Caching is primarily a means of reducing such issues.
The cache sits between the server and the user, where it saves (caches) the responses to particular requests, usually for a fixed amount of time.
If another user then sends an equivalent request, the cache simply serves a copy of the cached response directly to the user, without any interaction from the back-end.
This greatly eases the…
Android pentesting requires a dedicated environment that provides access to a rooted Android device; let us see how to set one up easily using free tools.
We will be using AVD, which is the default emulator provided by Android Studio. Download it and perform the default installation; once you arrive at this screen, select More Actions and click on AVD Manager.
In AVD Manager, select the device and Android version 10, i.e. API 29, create the device, and then close Android Studio and the emulator.
In a terminal, run the following to launch the device:
~/Android/Sdk/emulator/emulator @Android_10 -writable-system -selinux permissive -qemu -enable-kvm
Before we get started, we need to have the APK, which can be extracted from the device after installing the application through the Play Store, or downloaded from online sources.
For the practical, we will be looking for a hardcoded Google API key.
Now, let's start analyzing the application by opening it in Jadx (check this post to set up this tool).
Note: In most cases, hardcoded secrets will be found in AndroidManifest.xml and strings.xml; make sure you check the raw folder as well for secrets.
So if you go through resources.arsc/res/values/strings.xml …
SAML is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP). This means that you can use one set of credentials to log into many different websites. It's much simpler to manage one login per user than it is to manage separate logins to email, customer relationship management (CRM) software, Active Directory, etc.
SAML transactions use Extensible Markup Language (XML) for standardized communications between the identity provider and service providers. SAML is the link between the authentication of a user’s identity and the authorization to use a service.
What is SAML used for?
Template Injection, also known as Server-Side Template Injection (SSTI), is a vulnerability class that has established the foundations for exploitation techniques in multiple template engines. Exploiting this type of issue requires specific knowledge of the template library or the language being used under the hood.
First, let us start with an introduction to the vulnerability, which is needed to get a good understanding of the attack patterns and to recognize potential vulnerabilities.
A template engine enables you to use static template files in your application. At runtime, the template engine replaces variables in a…