mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-30 06:53:11 +00:00
98 lines
7 KiB
Markdown
98 lines
7 KiB
Markdown
# Android APK Checklist
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
<figure><img src="/.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified:
|
|
|
|
{% embed url="https://academy.8ksec.io/" %}
|
|
|
|
### [Learn Android fundamentals](android-app-pentesting/#2-android-application-fundamentals)
|
|
|
|
* [ ] [Basics](android-app-pentesting/#fundamentals-review)
|
|
* [ ] [Dalvik & Smali](android-app-pentesting/#dalvik--smali)
|
|
* [ ] [Entry points](android-app-pentesting/#application-entry-points)
|
|
* [ ] [Activities](android-app-pentesting/#launcher-activity)
|
|
* [ ] [URL Schemes](android-app-pentesting/#url-schemes)
|
|
* [ ] [Content Providers](android-app-pentesting/#services)
|
|
* [ ] [Services](android-app-pentesting/#services-1)
|
|
* [ ] [Broadcast Receivers](android-app-pentesting/#broadcast-receivers)
|
|
* [ ] [Intents](android-app-pentesting/#intents)
|
|
* [ ] [Intent Filter](android-app-pentesting/#intent-filter)
|
|
* [ ] [Other components](android-app-pentesting/#other-app-components)
|
|
* [ ] [How to use ADB](android-app-pentesting/#adb-android-debug-bridge)
|
|
* [ ] [How to modify Smali](android-app-pentesting/#smali)
|
|
|
|
### [Static Analysis](android-app-pentesting/#static-analysis)
|
|
|
|
* [ ] Check for the use of [obfuscation](android-checklist.md#some-obfuscation-deobfuscation-information), checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. [Read this for more info](android-app-pentesting/#other-checks).
|
|
* [ ] Sensitive applications (like bank apps) should check if the mobile is rooted and should actuate in consequence.
|
|
* [ ] Search for [interesting strings](android-app-pentesting/#looking-for-interesting-info) (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
|
|
* [ ] Special attention to [firebase ](android-app-pentesting/#firebase)APIs.
|
|
* [ ] [Read the manifest:](android-app-pentesting/#basic-understanding-of-the-application-manifest-xml)
|
|
* [ ] Check if the application is in debug mode and try to "exploit" it
|
|
* [ ] Check if the APK allows backups
|
|
* [ ] Exported Activities
|
|
* [ ] Content Providers
|
|
* [ ] Exposed services
|
|
* [ ] Broadcast Receivers
|
|
* [ ] URL Schemes
|
|
* [ ] Is the application s[aving data insecurely internally or externally](android-app-pentesting/#insecure-data-storage)?
|
|
* [ ] Is there any [password hard coded or saved in disk](android-app-pentesting/#poorkeymanagementprocesses)? Is the app [using insecurely crypto algorithms](android-app-pentesting/#useofinsecureandordeprecatedalgorithms)?
|
|
* [ ] All the libraries compiled using the PIE flag?
|
|
* [ ] Don't forget that there is a bunch of[ static Android Analyzers](android-app-pentesting/#automatic-analysis) that can help you a lot during this phase.
|
|
|
|
### [Dynamic Analysis](android-app-pentesting/#dynamic-analysis)
|
|
|
|
* [ ] Prepare the environment ([online](android-app-pentesting/#online-dynamic-analysis), [local VM or physical](android-app-pentesting/#local-dynamic-analysis))
|
|
* [ ] Is there any [unintended data leakage](android-app-pentesting/#unintended-data-leakage) (logging, copy/paste, crash logs)?
|
|
* [ ] [Confidential information being saved in SQLite dbs](android-app-pentesting/#sqlite-dbs)?
|
|
* [ ] [Exploitable exposed Activities](android-app-pentesting/#exploiting-exported-activities-authorisation-bypass)?
|
|
* [ ] [Exploitable Content Providers](android-app-pentesting/#exploiting-content-providers-accessing-and-manipulating-sensitive-information)?
|
|
* [ ] [Exploitable exposed Services](android-app-pentesting/#exploiting-services)?
|
|
* [ ] [Exploitable Broadcast Receivers](android-app-pentesting/#exploiting-broadcast-receivers)?
|
|
* [ ] Is the application [transmitting information in clear text/using weak algorithms](android-app-pentesting/#insufficient-transport-layer-protection)? is a MitM possible?
|
|
* [ ] [Inspect HTTP/HTTPS traffic](android-app-pentesting/#inspecting-http-traffic)
|
|
* [ ] This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
|
|
* [ ] Check for possible [Android Client Side Injections](android-app-pentesting/#android-client-side-injections-and-others) (probably some static code analysis will help here)
|
|
* [ ] [Frida](android-app-pentesting/#frida): Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)
|
|
|
|
### Some obfuscation/Deobfuscation information
|
|
|
|
* [ ] [Read here](android-app-pentesting/#obfuscating-deobfuscating-code)
|
|
|
|
<figure><img src="/.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
|
|
|
Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified:
|
|
|
|
{% embed url="https://academy.8ksec.io/" %}
|
|
|
|
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|