# Android APK Checklist
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join** the 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass), or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live).
* **Share hacking tricks by submitting PRs** to the [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
**Try Hard Security Group**
<figure><img src="/.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### [Learn Android fundamentals](android-app-pentesting/#2-android-application-fundamentals)
* [ ] [Basics](android-app-pentesting/#fundamentals-review)
* [ ] [Dalvik & Smali](android-app-pentesting/#dalvik--smali)
* [ ] [Entry points](android-app-pentesting/#application-entry-points)
* [ ] [Activities](android-app-pentesting/#launcher-activity)
* [ ] [URL Schemes](android-app-pentesting/#url-schemes)
* [ ] [Content Providers](android-app-pentesting/#services)
* [ ] [Services](android-app-pentesting/#services-1)
* [ ] [Broadcast Receivers](android-app-pentesting/#broadcast-receivers)
* [ ] [Intents](android-app-pentesting/#intents)
* [ ] [Intent Filters](android-app-pentesting/#intent-filter)
* [ ] [Other components](android-app-pentesting/#other-app-components)
* [ ] [How to use ADB](android-app-pentesting/#adb-android-debug-bridge)
* [ ] [How to modify Smali](android-app-pentesting/#smali)
### [Static Analysis](android-app-pentesting/#static-analysis)
* [ ] Check for the use of [obfuscation](android-checklist.md#some-obfuscation-deobfuscation-information), checks for whether the device is rooted, whether an emulator is being used, and anti-tampering checks. [Read more here](android-app-pentesting/#other-checks).
* [ ] Sensitive applications (such as banking apps) should check whether the device is rooted and act accordingly.
* [ ] Search for [interesting strings](android-app-pentesting/#looking-for-interesting-info) (passwords, URLs, APIs, encryption, backdoors, tokens, Bluetooth UUIDs...).
* [ ] Pay special attention to [firebase](android-app-pentesting/#firebase) APIs.
* [ ] [Read the manifest:](android-app-pentesting/#basic-understanding-of-the-application-manifest-xml)
  * [ ] Check whether the application is in debug mode and try to "exploit" it
  * [ ] Check whether the APK allows backups
  * [ ] Exported Activities
  * [ ] Content Providers
  * [ ] Exposed Services
  * [ ] Broadcast Receivers
  * [ ] URL Schemes
* [ ] Does the application [store data insecurely, internally or externally](android-app-pentesting/#insecure-data-storage)?
* [ ] Are there any [passwords hard-coded or saved on disk](android-app-pentesting/#poorkeymanagementprocesses)? Does the app [use insecure crypto algorithms](android-app-pentesting/#useofinsecureandordeprecatedalgorithms)?
* [ ] Are all libraries compiled with the PIE flag?
* [ ] Don't forget that there are a bunch of [static Android analysis tools](android-app-pentesting/#automatic-analysis) that can help you a lot during this phase.
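As an added example (not code from the original HackTricks page), a small Python script that triages a decoded AndroidManifest.xml for the manifest checks listed above: debug mode, backups, exported components without a permission, and declared URL schemes. The sample manifest, package name and component names are constructed for illustration.

```python
# Added example: AndroidManifest.xml triage for the static-analysis checklist.
# Reports debuggable, allowBackup, exported components lacking a permission, and URL schemes.
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # prefix for android: attributes

# Constructed sample manifest (not from any real app), used as input.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:debuggable="true" android:allowBackup="true">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="exampleapp" android:host="pay"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService" android:exported="true"
        android:permission="com.example.app.SYNC"/>
    <provider android:name=".DataProvider" android:exported="true"
        android:authorities="com.example.app.data"/>
  </application>
</manifest>"""


def is_exported(comp):
    """Platform rule: an explicit android:exported wins; otherwise a component
    that declares an <intent-filter> is implicitly exported (targetSdk < 31)."""
    exp = comp.get(A + "exported")
    return exp == "true" if exp is not None else comp.find("intent-filter") is not None


def triage_manifest(xml_text):
    app = ET.fromstring(xml_text).find("application")
    exported, schemes = [], []
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(tag):
            # Exported and unprotected: any app on the device can reach it
            if is_exported(comp) and comp.get(A + "permission") is None:
                exported.append((tag, comp.get(A + "name")))
            schemes += [d.get(A + "scheme") for d in comp.iter("data") if d.get(A + "scheme")]
    return {
        "debuggable": app.get(A + "debuggable") == "true",
        "allow_backup": app.get(A + "allowBackup", "true") == "true",  # defaults to true
        "exported_unprotected": exported,
        "url_schemes": schemes,
    }
```

Feed it the manifest decoded by apktool; on targetSdk 31 and later the platform rejects intent-filter components without an explicit android:exported, so the implicit-export branch only matters for older targets.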
### [Dynamic Analysis](android-app-pentesting/#dynamic-analysis)
* [ ] Prepare the environment ([online](android-app-pentesting/#online-dynamic-analysis), [local VM or physical device](android-app-pentesting/#local-dynamic-analysis))
* [ ] Is there any [unintended data leakage](android-app-pentesting/#unintended-data-leakage) (logging, copy/paste, crash logs)?
* [ ] [Confidential information stored in SQLite databases](android-app-pentesting/#sqlite-dbs)?
* [ ] [Exploitable exposed Activities](android-app-pentesting/#exploiting-exported-activities-authorisation-bypass)?
* [ ] [Exploitable Content Providers](android-app-pentesting/#exploiting-content-providers-accessing-and-manipulating-sensitive-information)?
* [ ] [Exploitable exposed Services](android-app-pentesting/#exploiting-services)?
* [ ] [Exploitable Broadcast Receivers](android-app-pentesting/#exploiting-broadcast-receivers)?
* [ ] Does the application [transmit information in cleartext / use weak algorithms](android-app-pentesting/#insufficient-transport-layer-protection)? Is a MitM possible?
* [ ] [Inspect HTTP/HTTPS traffic](android-app-pentesting/#inspecting-http-traffic)
* [ ] This one is really important, because if you can capture the HTTP traffic you can search for common web vulnerabilities (HackTricks has a lot of information about web vulnerabilities).
* [ ] Check for possible [Android client-side injections](android-app-pentesting/#android-client-side-injections-and-others) (some static code analysis will probably help here)
* [ ] [Frida](android-app-pentesting/#frida): just use Frida to get interesting dynamic data from the application (maybe some passwords...)
### Some obfuscation/deobfuscation information
* [ ] [Read here](android-app-pentesting/#obfuscating-deobfuscating-code)