hacktricks/mobile-pentesting/android-app-pentesting/react-native-application.md
2024-02-11 02:13:58 +00:00

<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF**, check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
# React Native Application Analysis

To confirm whether an application was built with the React Native framework, follow these steps:

1. Rename the APK file with a zip extension and extract it to a new folder using the commands `cp com.example.apk example-apk.zip` and `unzip -qq example-apk.zip -d ReactNative`.
2. Navigate to the newly created ReactNative folder and locate the assets folder. Inside this folder, you should find the file `index.android.bundle`, which contains the React JavaScript in a minified format.
3. Use the command `find . -print | grep -i ".bundle$"` to search for the JavaScript file.

To analyze the JavaScript code further, create a file named `index.html` in the same directory with the following code:
```html
<script src="./index.android.bundle"></script>
```
You can upload the file to [https://spaceraccoon.github.io/webpack-exploder/](https://spaceraccoon.github.io/webpack-exploder/) or follow these steps:

1. Open the `index.html` file in Google Chrome.
2. Open the Developer Toolbar by pressing **Command+Option+J for OS X** or **Control+Shift+J for Windows**.
3. Click "Sources" in the Developer Toolbar. You should see a JavaScript file that is split into folders and files, which together make up the main bundle.

If you find a file called `index.android.bundle.map`, you will be able to analyze the source code in an unminified format. Map files contain source mapping information, which lets you map the minified identifiers.

To search for sensitive credentials and endpoints, follow these steps:

1. Identify sensitive keywords to use when analyzing the JavaScript code. React Native applications often use third-party services such as Firebase, AWS S3, private keys, etc.
2. In this specific case, the application was observed to be using the Dialogflow service. Search for a pattern related to its configuration.
3. Fortunately, sensitive hard-coded credentials were found in the JavaScript code during the recon process.
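
The extraction and keyword-search steps above, combined into a pre-release audit of an APK (an added example, not code from the original page or the referenced write-up). The regular expressions are assumed, commonly seen shapes for the credential types the page names; `audit_apk`, `redact` and `build_sample_apk` are hypothetical names, and the sample APK is constructed.

```python
import io
import re
import sys
import zipfile

# Assumed patterns (not from the page): common shapes of the credential
# types the page names. Extend them for the services your app uses.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "firebase_url": re.compile(r"https://[a-z0-9\-]+\.firebaseio\.com"),
    "service_account": re.compile(r"[a-z0-9\-]+@[a-z0-9\-]+\.iam\.gserviceaccount\.com"),
}

def redact(value):
    """Keep a short prefix so the finding is recognisable but not reusable."""
    return value[:4] + "*" * (len(value) - 4)

def audit_apk(apk):
    """Return (findings, source_maps) for an APK given as a path or file object."""
    findings, source_maps = [], []
    with zipfile.ZipFile(apk) as zf:  # an APK is a zip archive, no rename needed
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith(".bundle.map"):
                source_maps.append(name)  # shipped map exposes unminified source
            elif lower.endswith(".bundle"):
                text = zf.read(name).decode("utf-8", errors="replace")
                for label, rx in PATTERNS.items():
                    for m in rx.finditer(text):
                        line = text.count("\n", 0, m.start()) + 1
                        findings.append((name, line, label, redact(m.group())))
    return findings, source_maps

def build_sample_apk():
    """Constructed sample: an in-memory zip laid out like an APK."""
    bundle = ('var a={accessKeyId:"AKIA' + "A" * 16 + '"};\n'
              'var b="https://example-app.firebaseio.com";\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("assets/index.android.bundle", bundle)
        zf.writestr("assets/index.android.bundle.map", "{}")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for item in audit_apk(sys.argv[1] if len(sys.argv) > 1 else build_sample_apk()):
        print(item)
```

Run it with an APK path as the only argument; with no argument it scans the constructed sample. Any finding or shipped source map is a reason to move the secret server-side and rotate it before release.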

## References

* [https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7](https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7)