
Apktool Installation: https://ibotpeaches.github.io/Apktool/install/
Download FridaLoader apk file from following link:
https://github.com/dineshshetty/FridaLoader/releases
MobSF Github Repository:
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Installation Steps:
https://mobsf.github.io/docs/#/installation
Github Repository: https://github.com/sensepost/objection
https://developer.android.com/studio/releases/platform-tools
https://github.com/skylot/jadx
MobSF Github Repository:
https://github.com/MobSF/Mobile-Security-Framework-MobSF
Installation Steps:
https://mobsf.github.io/docs/#/installation
Github Repository: https://github.com/sensepost/objection
Download clickme.apk from here:
https://drive.google.com/file/d/1zqPug0383Y4Ey5W71x_rxCMxP70AarCh/view?usp=share_link
Magic Smali Code for Enabling WebView Debugging:
const/4 v2, 0x1
invoke-static {v2}, Landroid/webkit/WebView;->setWebContentsDebuggingEnabled(Z)V
https://rewanthtammana.com/damn-vulnerable-bank/index.html
https://hackerone.com/reports/583987
https://hackerone.com/reports/637194
https://hackerone.com/reports/401793
https://hackerone.com/reports/351555
https://hackerone.com/reports/258460
https://hackerone.com/reports/44727
https://hackerone.com/reports/55530
https://hackerone.com/reports/855618
Breaking The Facebook For Android Application
https://ash-king.co.uk/blog/facebook-bug-bounty-09-18
Downloading any file via Facebook for Android
https://ash-king.co.uk/blog/downloading-any-file-via-facebook-android
Launching Internal & Non-Exported Deeplinks On Facebook
https://ash-king.co.uk/blog/Launching-internal-non-exported-deeplinks-on-Facebook/
Accidental $70k Google Pixel Lock Screen Bypass
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
Facebook android vulnerability: Launching internal/tighten deeplink onbehalf of user
https://servicenger.com/mobile/facebook-android-vulnerability-launching-internal-tighten-deeplink-onbehalf-of-user/
Crash Instagram Bug (Android) using U+043E
https://servicenger.com/mobile/crash-instagram-android-using-u043e-unpatched/
Welcome to our course: Android Applications Hacking for Bug Bounty and Pentesting
This course is designed to help you kick-start the journey of android pentesting with right tools and methodology. Information security is the ever-changing field, we bring the latest methodology to setup your own environment and get your hands dirty with the android pentesting.
This course initiates with basics such as Android Architecture, what is Android Run time (ART), Android device Rooting Basics. Towards the intermediate concepts like Reversing Android Apps, Bypassing client side restrictions such as root detection, SSL Pinning etc. This course leverages multiple industry known & open source applications to demonstrate the test cases.
This course will also teaches you how to identify a variety of Android App vulnerabilities such as Insecure Data Storage, Insecure Logging, Weak Root detection, insecure end to end encryption, Access Control issues in REST API etc.
Essentially this course is designed to teach the general approach right from reversing the APK, to understand & identify vulnerabilities, modifying the application logic to run the modified application in the android environment. This course is for all levels. We will take you from beginner to advance level. You will learn step-by-step with hands-on demonstrations.
The highlights of this course are:
Fundamentals of android
Lab Setup in Windows & Linux
Static & Dynamic Analysis
Intercept Traffic using Burpsuite
Root detection bypass
SSL Pinning Bypass
Patching apps using objection
Frida code share & Startup scripts
Reversing & patching applications manually
Smali Understanding
Identifying client side encryption
Real world findings Walkthrough
See you inside the course!