In this post I will continue solving the challenges in the vulnerable application "diva". At the end of the post you may find a document on how to install Burp's CA Certificate in an Android Device.

So far we have discussed the following things:

- Connecting to the android device using android debug bridge.
- Installing android application using adb.
- Knowing about the process which is executed when we click to launch the application.
- Getting the logs of the android application.
- Insecure data storage in SQLite database file.
- Insecure data storage in randomly generated temporary file.
- Insecure data storage in hidden text file.
- Input Validation Issues which leads to SQL injections.
- Input Validation Issues which leads to Local File Inclusion.

If you don't know about the above points, then I would recommend you read the following posts:

- Android Application and its Architecture (PPT).
- Damn Insecure and Vulnerable Application – Part I.
- Damn Insecure and Vulnerable Application – Part II.
- Damn Insecure and Vulnerable Application – Part III.
- Damn Insecure and Vulnerable Application – Part IV

As we have completed the first eight challenges, let's move on to the 9th challenge, which is "Access Control Issues Part 1".

Objective: You are able to access the API credentials when you click the button. Now, try to access the API credentials from outside the app.

Hint: Components of an app can be accessed from other apps or users if they are not properly protected. Components such as activities, services, content providers are prone to this.

Now we need to check AndroidManifest.xml to further investigate how the application works. Basically, here we are finding out how this particular activity is being called. So in the above code, we can see that the Activity "APICredsActivity" is called by Activity Manager as "". This Activity is also hiding behind an intent filter. We will see that its defence is worthless.