mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 20:53:37 +00:00
18 KiB
18 KiB
Cordova-toepassings
Leer AWS-hacking vanaf nul tot held met htARTE (HackTricks AWS Red Team Expert)!
Ander maniere om HackTricks te ondersteun:
- As jy wil sien dat jou maatskappy geadverteer word in HackTricks of HackTricks aflaai in PDF-formaat, kyk na die SUBSCRIPTION PLANS!
- Kry die amptelike PEASS & HackTricks swag
- Ontdek The PEASS Family, ons versameling eksklusiewe NFTs
- Sluit aan by die 💬 Discord-groep of die telegram-groep of volg ons op Twitter 🐦 @carlospolopm.
- Deel jou haktruuks deur PR's in te dien by die HackTricks en HackTricks Cloud github-opslag.
Vir verdere besonderhede, kyk na https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58. Hier is 'n opsomming:
Apache Cordova word erken vir die moontlikheid om hibriede toepassings te ontwikkel met behulp van JavaScript, HTML en CSS. Dit maak die skep van Android- en iOS-toepassings moontlik; egter, dit het nie 'n verstek meganisme vir die beveiliging van die toepassing se bronkode nie. In teenstelling met React Native, kompileer Cordova nie die bronkode standaard nie, wat kan lei tot kode-manipulasie kwesbaarhede. Cordova maak gebruik van WebView om toepassings te vertoon, wat die HTML- en JavaScript-kode blootstel selfs nadat dit in APK- of IPA-lêers gekompileer is. Aan die ander kant gebruik React Native 'n JavaScript VM om JavaScript-kode uit te voer, wat beter bronkodebeskerming bied.
Kloning van 'n Cordova-toepassing
Voordat jy 'n Cordova-toepassing kloon, verseker dat NodeJS geïnstalleer is, tesame met ander vereistes soos die Android SDK, Java JDK en Gradle. Die amptelike Cordova dokumentasie bied 'n omvattende gids vir hierdie installasies.
Neem byvoorbeeld 'n toepassing genaamd Bank.apk met die pakketsnaam com.android.bank. Om toegang tot die bronkode te verkry, pak bank.apk uit en navigeer na die bank/assets/www-map. Hierdie map bevat die volledige bronkode van die toepassing, insluitend HTML- en JS-lêers. Die konfigurasie van die toepassing kan gevind word in bank/res/xml/config.xml.
Volg hierdie stappe om die toepassing te kloon:
npm install -g cordova@latest
cordova create bank-new com.android.bank Bank
cd bank-new
Kopieer die inhoud van bank/assets/www na bank-new/www, met uitsluiting van cordova_plugins.js, cordova.js, cordova-js-src/, en die plugins/ gids.
Spesifiseer die platform (Android of iOS) wanneer jy 'n nuwe Cordova projek skep. Voeg die Android platform by vir die kloning van 'n Android app. Let daarop dat Cordova se platform weergawes en Android API vlakke verskillend is. Raadpleeg die Cordova dokumentasie vir besonderhede oor platform weergawes en ondersteunde Android APIs.
Om die toepaslike Cordova Android platform weergawe te bepaal, kyk na die PLATFORM_VERSION_BUILD_LABEL in die oorspronklike toepassing se cordova.js lêer.
Nadat die platform opgestel is, installeer die vereiste plugins. Die oorspronklike toepassing se bank/assets/www/cordova_plugins.js lêer lys al die plugins en hul weergawes. Installeer elke plugin afsonderlik soos hieronder getoon:
cd bank-new
cordova plugin add cordova-plugin-dialogs@2.0.1
As 'n invoegtoepassing nie beskikbaar is op npm nie, kan dit vanaf GitHub verkry word:
cd bank-new
cordova plugin add https://github.com/moderna/cordova-plugin-cache.git
Maak seker dat al die voorvereistes voldoen word voordat jy begin kompileer:
$ sudo apt-get install git wget curl unzip -y
$ sudo apt-get install openjdk-8-jdk -y
$ sudo apt-get install ant -y
$ sudo apt-get install gradle -y
$ sudo apt-get install android-sdk -y
$ sudo apt-get install android-sdk-build-tools -y
$ sudo apt-get install android-sdk-platform-tools -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-build-tools-23 -y
$ sudo apt-get install android-sdk-build-tools-25 -y
$ sudo apt-get install android-sdk-build-tools-26 -y
$ sudo apt-get install android-sdk-build-tools-27 -y
$ sudo apt-get install android-sdk-build-tools-28 -y
$ sudo apt-get install android-sdk-build-tools-29 -y
$ sudo apt-get install android-sdk-build-tools-30 -y
$ sudo apt-get install android-sdk-build-tools-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
$ sudo apt-get install android-sdk-platform-23 -y
$ sudo apt-get install android-sdk-platform-25 -y
$ sudo apt-get install android-sdk-platform-26 -y
$ sudo apt-get install android-sdk-platform-27 -y
$ sudo apt-get install android-sdk-platform-28 -y
$ sudo apt-get install android-sdk-platform-29 -y
$ sudo apt-get install android-sdk-platform-30 -y
$ sudo apt-get install android-sdk-platform-31 -y
cd bank-new
cordova requirements
Om die APK te bou, gebruik die volgende bevel:
cd bank-new
cordova build android — packageType=apk
Hierdie bevel genereer 'n APK met die debug-opsie geaktiveer, wat foutopsporing via Google Chrome vergemaklik. Dit is noodsaaklik om die APK te onderteken voordat dit geïnstalleer word, veral as die toepassing kodeverandering-opsporingsmeganismes bevat.
Outomatiseringstool
Vir diegene wat die kloonproses wil outomatiseer, is MobSecco 'n aanbevole hulpmiddel. Dit vereenvoudig die kloon van Android-toepassings deur die stappe hierbo beskryf.
Leer AWS-hacking vanaf nul tot held met htARTE (HackTricks AWS Red Team Expert)!
Ander maniere om HackTricks te ondersteun:
- As jy wil sien dat jou maatskappy geadverteer word in HackTricks of HackTricks aflaai in PDF-formaat, kyk na die SUBSCRIPTION PLANS!
- Kry die amptelike PEASS & HackTricks-uitrusting
- Ontdek The PEASS Family, ons versameling eksklusiewe NFTs
- Sluit aan by die 💬 Discord-groep of die telegram-groep of volg ons op Twitter 🐦 @carlospolopm.
- Deel jou haktruuks deur PR's in te dien by die HackTricks en HackTricks Cloud GitHub-opslagplekke.