Reverse Engineering a Xamarin Application.
During a recent engagement I came across an Android application; after extracting and decompiling the Java code (using dex2-jar and jd-gui), I noticed the logic was calling a native...
In Android applications, WebViews can be leveraged to load web content within an activity; they can be used for loading both static and dynamic content depending on what’s needed. Content...
Say you need to dump an Android application’s memory, for example, to check whether or not sensitive information is kept in memory longer than it needs to be, this is...
Android components are the building blocks for Android mobile applications; activities, for example, are used for creating the application’s user interface and a rich user experience (every screen in an...
Mobile applications are no doubt an important part of our lives nowadays. More and more, users want to have everything within arm’s reach and service providers are turning to mobile...
This article expands on the things you can achieve with the Frida framework. It focuses on the usage of frida-gadget to bypass SSL Pinning controls on Android applications. Do note that...
As a pentester, you may need to bypass security controls to be able to provide a more significant evaluation. SSL Pinning is one of the most important...
Insecure communication. This is the third article of the OWASP Mobile Top 10 Risks series and it is, more or less, how far I covered during research for my master’s...
Trusting user-installed certificates. Here we see how to bypass a restriction on Android applications targeting API 24 and above; the restriction is a security control added to these Android...
Intercepting traffic on an Android application. Here we will see how to intercept traffic between the Android application and the server it communicates with; it describes what needs to be...