Server and other information
local, ip, port, server, dev, test, admin, secret, password, user, token, api, key

Endpoints
http, js, asp, php, jsp, html, db, sql

Shopping
coupon, code, discount


Libraries
gson, Runtime.exec, webView.loadUrl



Hunting in string xml files

- In /res/values/strings.xml (the string resource itself)

 <resources>
  <string name="secret_string">Juicy Secret</string>
 </resources>

- In res/values/public.xml (it specifies the mapping from resource name to resource id)

 <public type="string" name="secret_string" id="0x7f07002b"/>

- In the Java code (the resource is fetched by its generated R.string id)

 String secret = getResources().getString(R.string.secret_string);


Functions

1. Runtime.exec()

2. gson

 Google's gson library: a library that converts strings to objects and back (commonly used in malicious APKs)

 "Gson is a Java library that can be used to convert Java Objects into their JSON representation. It can also be used to convert a JSON string to an equivalent Java object."


shared_prefs.xml

shared_prefs is where developers put xml files containing application preferences and other customisation data.
Sometimes OAuth2 tokens go in here; other times usernames and passwords go here, in either plain text or encrypted format.

If the data is encrypted, the property name will still be visible and you'll see a random-looking base64-encoded string for the value. Don't worry: the application needs to be able to decrypt this, so the decryption mechanism will be in the source code, viewable through JD-GUI. Have a look until you find the encryption mechanism. Raise a ticket.
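As an added example (not code from the original post), the two hunts above as a script: it joins strings.xml with public.xml so each keyword hit carries its resource id, and it flags shared_prefs values that look like base64 blobs. The XML files and values it parses are constructed inline for the example.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Subset of the hunting keywords listed above (very short ones such as "ip" or
# "db" match far too many resource names to be useful as substrings).
KEYWORDS = ["secret", "password", "token", "api", "key", "admin", "coupon", "discount"]

# Constructed stand-ins for a decompiled APK's res/values files and a pulled
# shared_prefs file; every value here is made up for the example.
STRINGS_XML = """<resources>
  <string name="app_name">Demo</string>
  <string name="secret_string">Juicy Secret</string>
  <string name="api_key">dummy-api-key-value</string>
</resources>"""
PUBLIC_XML = """<resources>
  <public type="string" name="app_name" id="0x7f07002a"/>
  <public type="string" name="secret_string" id="0x7f07002b"/>
  <public type="string" name="api_key" id="0x7f07002c"/>
</resources>"""
PREFS_XML = """<map>
  <string name="username">alice</string>
  <string name="password">{}</string>
</map>""".format(base64.b64encode(b"not-a-real-secret").decode())

# Standard base64 alphabet, at least 16 characters, optional padding.
B64_LIKE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")

def hunt_strings(strings_xml, public_xml, keywords=KEYWORDS):
    """Return {name: (resource id, value)} for string resources whose name or value
    contains a keyword; the id from public.xml ties the hit to R.string.<name>."""
    ids = {p.get("name"): p.get("id")
           for p in ET.fromstring(public_xml).iter("public") if p.get("type") == "string"}
    hits = {}
    for s in ET.fromstring(strings_xml).iter("string"):
        name, value = s.get("name", ""), (s.text or "")
        if any(k in name.lower() or k in value.lower() for k in keywords):
            hits[name] = (ids.get(name), value)
    return hits

def suspicious_prefs(prefs_xml):
    """Return names of shared_prefs entries whose value is a base64-looking blob,
    i.e. the 'random looking' values that point at a decrypt routine in the source."""
    names = []
    for s in ET.fromstring(prefs_xml).iter("string"):
        value = (s.text or "").strip()
        if B64_LIKE.match(value) and len(value) % 4 == 0:
            names.append(s.get("name", ""))
    return names
```

On a real target, read the three files from the apktool output directory and the device's /data/data/<package>/shared_prefs/ instead of the inline samples.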



Non-trivial aspects to reverse

- Encrypted strings / values
- Complex algorithms
- DexClassLoader: find the loaded classes.dex and unpack it separately
- Reflective calls
