mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 20:53:37 +00:00
327 lines
18 KiB
Markdown
327 lines
18 KiB
Markdown
# Cordova-toepassings
|
|
|
|
<details>
|
|
|
|
<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Ander maniere om HackTricks te ondersteun:
|
|
|
|
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-opslag.
|
|
|
|
</details>
|
|
|
|
**Vir verdere besonderhede, kyk na [https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58](https://infosecwriteups.com/recreating-cordova-mobile-apps-to-bypass-security-implementations-8845ff7bdc58)**. Hier is 'n opsomming:
|
|
|
|
Apache Cordova word erken vir die moontlikheid om **hibriede toepassings** te ontwikkel met behulp van **JavaScript, HTML en CSS**. Dit maak die skep van Android- en iOS-toepassings moontlik; egter, dit het nie 'n verstek meganisme vir die beveiliging van die toepassing se bronkode nie. In teenstelling met React Native, kompileer Cordova nie die bronkode standaard nie, wat kan lei tot kode-manipulasie kwesbaarhede. Cordova maak gebruik van WebView om toepassings te vertoon, wat die HTML- en JavaScript-kode blootstel selfs nadat dit in APK- of IPA-lêers gekompileer is. Aan die ander kant gebruik React Native 'n JavaScript VM om JavaScript-kode uit te voer, wat beter bronkodebeskerming bied.
|
|
|
|
### Kloning van 'n Cordova-toepassing
|
|
|
|
Voordat jy 'n Cordova-toepassing kloon, verseker dat NodeJS geïnstalleer is, tesame met ander vereistes soos die Android SDK, Java JDK en Gradle. Die amptelike Cordova [dokumentasie](https://cordova.apache.org/docs/en/11.x/guide/cli/#install-pre-requisites-for-building) bied 'n omvattende gids vir hierdie installasies.
|
|
|
|
Neem byvoorbeeld 'n toepassing genaamd `Bank.apk` met die pakketsnaam `com.android.bank`. Om toegang tot die bronkode te verkry, pak `bank.apk` uit en navigeer na die `bank/assets/www`-map. Hierdie map bevat die volledige bronkode van die toepassing, insluitend HTML- en JS-lêers. Die konfigurasie van die toepassing kan gevind word in `bank/res/xml/config.xml`.
|
|
|
|
Volg hierdie stappe om die toepassing te kloon:
|
|
```bash
|
|
npm install -g cordova@latest
|
|
cordova create bank-new com.android.bank Bank
|
|
cd bank-new
|
|
```
|
|
Kopieer die inhoud van `bank/assets/www` na `bank-new/www`, met uitsluiting van `cordova_plugins.js`, `cordova.js`, `cordova-js-src/`, en die `plugins/` gids.
|
|
|
|
Spesifiseer die platform (Android of iOS) wanneer jy 'n nuwe Cordova projek skep. Voeg die Android platform by vir die kloning van 'n Android app. Let daarop dat Cordova se platform weergawes en Android API vlakke verskillend is. Raadpleeg die Cordova [dokumentasie](https://cordova.apache.org/docs/en/11.x/guide/platforms/android/) vir besonderhede oor platform weergawes en ondersteunde Android APIs.
|
|
|
|
Om die toepaslike Cordova Android platform weergawe te bepaal, kyk na die `PLATFORM_VERSION_BUILD_LABEL` in die oorspronklike toepassing se `cordova.js` lêer.
|
|
|
|
Nadat die platform opgestel is, installeer die vereiste plugins. Die oorspronklike toepassing se `bank/assets/www/cordova_plugins.js` lêer lys al die plugins en hul weergawes. Installeer elke plugin afsonderlik soos hieronder getoon:
|
|
```bash
|
|
cd bank-new
|
|
cordova plugin add cordova-plugin-dialogs@2.0.1
|
|
```
|
|
As 'n invoegtoepassing nie beskikbaar is op npm nie, kan dit vanaf GitHub verkry word:
|
|
```bash
|
|
cd bank-new
|
|
cordova plugin add https://github.com/moderna/cordova-plugin-cache.git
|
|
```
|
|
Maak seker dat al die voorvereistes voldoen word voordat jy begin kompileer:
|
|
|
|
```bash
|
|
$ sudo apt-get install git wget curl unzip -y
|
|
$ sudo apt-get install openjdk-8-jdk -y
|
|
$ sudo apt-get install ant -y
|
|
$ sudo apt-get install gradle -y
|
|
$ sudo apt-get install android-sdk -y
|
|
$ sudo apt-get install android-sdk-build-tools -y
|
|
$ sudo apt-get install android-sdk-platform-tools -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-build-tools-23 -y
|
|
$ sudo apt-get install android-sdk-build-tools-25 -y
|
|
$ sudo apt-get install android-sdk-build-tools-26 -y
|
|
$ sudo apt-get install android-sdk-build-tools-27 -y
|
|
$ sudo apt-get install android-sdk-build-tools-28 -y
|
|
$ sudo apt-get install android-sdk-build-tools-29 -y
|
|
$ sudo apt-get install android-sdk-build-tools-30 -y
|
|
$ sudo apt-get install android-sdk-build-tools-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
$ sudo apt-get install android-sdk-platform-23 -y
|
|
$ sudo apt-get install android-sdk-platform-25 -y
|
|
$ sudo apt-get install android-sdk-platform-26 -y
|
|
$ sudo apt-get install android-sdk-platform-27 -y
|
|
$ sudo apt-get install android-sdk-platform-28 -y
|
|
$ sudo apt-get install android-sdk-platform-29 -y
|
|
$ sudo apt-get install android-sdk-platform-30 -y
|
|
$ sudo apt-get install android-sdk-platform-31 -y
|
|
```
|
|
```bash
|
|
cd bank-new
|
|
cordova requirements
|
|
```
|
|
Om die APK te bou, gebruik die volgende bevel:
|
|
```bash
|
|
cd bank-new
|
|
cordova build android — packageType=apk
|
|
```
|
|
Hierdie bevel genereer 'n APK met die debug-opsie geaktiveer, wat foutopsporing via Google Chrome vergemaklik. Dit is noodsaaklik om die APK te onderteken voordat dit geïnstalleer word, veral as die toepassing kodeverandering-opsporingsmeganismes bevat.
|
|
|
|
### Outomatiseringstool
|
|
|
|
Vir diegene wat die kloonproses wil outomatiseer, is **[MobSecco](https://github.com/Anof-cyber/MobSecco)** 'n aanbevole hulpmiddel. Dit vereenvoudig die kloon van Android-toepassings deur die stappe hierbo beskryf.
|
|
|
|
<details>
|
|
|
|
<summary><strong>Leer AWS-hacking vanaf nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Ander maniere om HackTricks te ondersteun:
|
|
|
|
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Kry die [**amptelike PEASS & HackTricks-uitrusting**](https://peass.creator-spring.com)
|
|
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Deel jou haktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.
|
|
|
|
</details>
|