hacktricks/mobile-pentesting/android-app-pentesting/react-native-application.md

69 lines
4.4 KiB
Markdown
Raw Normal View History

2022-04-28 16:01:33 +00:00
<details>
2024-01-13 22:03:42 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-13 22:03:42 +00:00
Other ways to support HackTricks:
2022-04-28 16:01:33 +00:00
2024-01-13 22:03:42 +00:00
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>
2024-02-03 16:02:14 +00:00
# React Native Application Analysis
2022-04-28 16:01:33 +00:00
2024-02-03 16:02:14 +00:00
To confirm if the application was built on the React Native framework, follow these steps:
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
1. Rename the APK file with a zip extension and extract it to a new folder using the command `cp com.example.apk example-apk.zip` and `unzip -qq example-apk.zip -d ReactNative`.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
2. Navigate to the newly created ReactNative folder and locate the assets folder. Inside this folder, you should find the file `index.android.bundle`, which contains the React JavaScript in a minified format.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
3. Use the command `find . -print | grep -i ".bundle$"` to search for the JavaScript file.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
To further analyze the JavaScript code, create a file named `index.html` in the same directory with the following code:
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
```html
<script src="./index.android.bundle"></script>
2021-11-03 10:22:49 +00:00
```
2024-02-03 16:02:14 +00:00
You can upload the file to [https://spaceraccoon.github.io/webpack-exploder/](https://spaceraccoon.github.io/webpack-exploder/) or follow these steps:
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
1. Open the `index.html` file in Google Chrome.
2021-08-09 12:26:47 +00:00
2024-02-03 16:02:14 +00:00
2. Open the Developer Toolbar by pressing **Command+Option+J for OS X** or **Control+Shift+J for Windows**.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
3. Click on "Sources" in the Developer Toolbar. You should see a JavaScript file that is split into folders and files, making up the main bundle.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
If you find a file called `index.android.bundle.map`, you will be able to analyze the source code in an unminified format. Map files contain source mapping, which allows you to map minified identifiers.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
To search for sensitive credentials and endpoints, follow these steps:
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
1. Identify sensitive keywords to analyze the JavaScript code. React Native applications often use third-party services like Firebase, AWS S3 service endpoints, private keys, etc.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
2. In this specific case, the application was observed to be using the Dialogflow service. Search for a pattern related to its configuration.
2021-02-01 09:24:10 +00:00
2024-02-03 16:02:14 +00:00
3. It was fortunate that sensitive hard-coded credentials were found in the JavaScript code during the recon process.
2021-02-01 09:24:10 +00:00
2024-02-08 03:08:28 +00:00
## References
2024-02-03 16:02:14 +00:00
* [https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7](https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7)
2022-04-28 16:01:33 +00:00
<details>
2024-01-13 22:03:42 +00:00
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
2022-04-28 16:01:33 +00:00
2024-01-13 22:03:42 +00:00
Other ways to support HackTricks:
2022-04-28 16:01:33 +00:00
2024-01-13 22:03:42 +00:00
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
2022-04-28 16:01:33 +00:00
</details>