Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 20:53:37 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/mobile-pentesting/android-checklist.md

94 lines
6.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Android APK Checklist
<details>
<summary><strong>从零开始学习AWS黑客技术成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTEHackTricks AWS红队专家</strong></a><strong></strong></summary>
* 您在**网络安全公司**工作吗? 想要在HackTricks中看到您的**公司广告** 或者想要访问**PEASS的最新版本或下载HackTricks的PDF** 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)
* 发现我们的独家[NFT收藏品**PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或在**Twitter**上**关注**我 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来**分享您的黑客技巧**。
</details>
**Try Hard Security Group**
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### [学习Android基础知识](android-app-pentesting/#2-android-application-fundamentals)
* [ ] [基础知识](android-app-pentesting/#fundamentals-review)
* [ ] [Dalvik和Smali](android-app-pentesting/#dalvik--smali)
* [ ] [入口点](android-app-pentesting/#application-entry-points)
* [ ] [活动](android-app-pentesting/#launcher-activity)
* [ ] [URL方案](android-app-pentesting/#url-schemes)
* [ ] [内容提供者](android-app-pentesting/#services)
* [ ] [服务](android-app-pentesting/#services-1)
* [ ] [广播接收器](android-app-pentesting/#broadcast-receivers)
* [ ] [意图](android-app-pentesting/#intents)
* [ ] [意图过滤器](android-app-pentesting/#intent-filter)
* [ ] [其他组件](android-app-pentesting/#other-app-components)
* [ ] 如何使用ADB](android-app-pentesting/#adb-android-debug-bridge)
* [ ] 如何修改Smali](android-app-pentesting/#smali)
### [静态分析](android-app-pentesting/#static-analysis)
* [ ] 检查是否使用[混淆](android-checklist.md#some-obfuscation-deobfuscation-information)检查是否注意到手机是否已root是否正在使用模拟器以及反篡改检查。[阅读此处获取更多信息](android-app-pentesting/#other-checks)。
* [ ] 敏感应用程序如银行应用应检查手机是否已root并应相应地采取行动。
* [ ] 搜索[有趣的字符串](android-app-pentesting/#looking-for-interesting-info)密码、URL、API、加密、后门、令牌、蓝牙uuid等
* [ ] 特别关注[firebase ](android-app-pentesting/#firebase)API。
* [ ] [阅读清单:](android-app-pentesting/#basic-understanding-of-the-application-manifest-xml)
* [ ] 检查应用是否处于调试模式,并尝试“利用”它
* [ ] 检查APK是否允许备份
* [ ] 导出的活动
* [ ] 内容提供者
* [ ] 暴露的服务
* [ ] 广播接收器
* [ ] URL方案
* [ ] 应用程序是否[在内部或外部不安全地保存数据](android-app-pentesting/#insecure-data-storage)
* [ ] 是否有[硬编码的密码或保存在磁盘上的密码](android-app-pentesting/#poorkeymanagementprocesses)?应用程序是否[使用不安全的加密算法](android-app-pentesting/#useofinsecureandordeprecatedalgorithms)
* [ ] 所有使用PIE标志编译的库
* [ ] 不要忘记有许多[静态Android分析工具](android-app-pentesting/#automatic-analysis)可以在此阶段帮助您很多。
### [动态分析](android-app-pentesting/#dynamic-analysis)
* [ ] 准备环境([在线](android-app-pentesting/#online-dynamic-analysis)[本地虚拟机或物理](android-app-pentesting/#local-dynamic-analysis)
* [ ] 是否存在[意外数据泄漏](android-app-pentesting/#unintended-data-leakage)(日志记录、复制/粘贴、崩溃日志)?
* [ ] [保存在SQLite数据库中的机密信息](android-app-pentesting/#sqlite-dbs)
* [ ] [可利用的暴露活动](android-app-pentesting/#exploiting-exported-activities-authorisation-bypass)
* [ ] [可利用的内容提供者](android-app-pentesting/#exploiting-content-providers-accessing-and-manipulating-sensitive-information)
* [ ] [可利用的暴露服务](android-app-pentesting/#exploiting-services)
* [ ] [可利用的广播接收器](android-app-pentesting/#exploiting-broadcast-receivers)
* [ ] 应用程序是否[以明文传输信息/使用弱算法](android-app-pentesting/#insufficient-transport-layer-protection)?是否可能进行中间人攻击?
* [ ] [检查HTTP/HTTPS流量](android-app-pentesting/#inspecting-http-traffic)
* [ ] 这一点非常重要因为如果您可以捕获HTTP流量您可以搜索常见的Web漏洞Hacktricks中有大量关于Web漏洞的信息
* [ ] 检查可能存在的[Android客户端注入](android-app-pentesting/#android-client-side-injections-and-others)(可能一些静态代码分析会有所帮助)
* [ ] [Frida](android-app-pentesting/#frida)只用Frida用它从应用程序中获取有趣的动态数据也许一些密码...
### 一些混淆/反混淆信息
* [ ] [在此处阅读](android-app-pentesting/#obfuscating-deobfuscating-code)
**Try Hard Security Group**
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>从零开始学习AWS黑客技术成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTEHackTricks AWS红队专家</strong></a><strong></strong></summary>
* 您在**网络安全公司**工作吗? 想要在HackTricks中看到您的**公司广告** 或者想要访问**PEASS的最新版本或下载HackTricks的PDF** 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)
* 发现我们的独家[NFT收藏品**PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或在**Twitter**上**关注**我 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来**分享您的黑客技巧**。
</details>
Reference in a new issue View git blame Copy permalink