Android Pentesting
par bug bounty
1. Weak Hashing & Encryption
2. iOS Security Model & Legacy Issue
2.1. Root Detection & Sandboxing
2.2. SSL Unpinning using Mallory
2.3. Use of Disabling certificate validation
3. Weak Cryptography
3.1. Poor key management process
3.2. Use of custom encryption protocols
3.2.1. Copy Paste Caching / Clipboard Leaking
4. Unintended Data Leakage
4.1. Logcat/ Logging
4.2. URL Caching (Both request and response)
4.3. GitHub
4.4. Keypress Caching & AutoCorrection Database
5. Reverse Engineering / Debugging
5.1. Unauthorized Code Modification
5.2. Insecure version of OS Installation Allowed
5.3. Code Obfuscation
6. Web-Based Exploitation
6.1. Abuse WebView
6.2. JS Enable Functionality
7. apkcombo.com
8. Lab Setup
8.1. Rooted Device
8.2. Genymotion
8.3. Burp Suite
8.4. APKTool & Dex2Jar
8.5. Jadx-GUI
8.6. MobSF & Qark
8.7. Drozer
9. Application Installation
9.1. From PlayStore
9.2. ADB
10. Insecure Data Storage
10.1. Android Directory Structure
10.2. In Sqlite Database
10.3. In shared_preference.xml
10.4. tmp directory
10.5. Source Code
10.6. Cache Directory
11. IPC / Components Exploitation
11.1. Exploit Exported Activity
11.2. Exploit Broadcast Receiver
11.3. Scheme
11.3.1. Custom Scheme
11.3.2. Universal Link
11.4. Exploit Content Provider
11.5. Misconfig Intent & Intent Filter
12. Runtime / Dynamic Analysis
12.1. Client/Server Side Attack
12.1.1. Sql Injection
12.1.2. Cross-site Scripting
12.1.3. Prediction Injection
12.1.4. XML Injection
12.2. Application Level DOS
12.3. Broken Authentication & Session Management
12.3.1. Session Terminating after Password Reset
12.3.2. Expired Token can be reused
12.3.3. Authentication Bypass using Success Response
12.3.4. OAuth Flow & 2FA Bypass
12.3.5. Cleartext Tranmission
12.4. Broken Access Control (BAC)
12.4.1. SSRF
12.4.2. Prev Escalation & IDOR
12.4.3. Unauthorized API Call