I think that most of the android developer forgot about danger of the open source nature of android application. Because the fact that once their application is posted in any play store in the world. There are no guarantee that anyone could tweak your application.
In this post i will show you how to attacking android application component(activity) by repackaging the application. I hope it will open developer eye about how easy for anyone to change your application structure.
To start the post,
You guys may be familiar with Androidmanifest.xml file in APK file right?!(if you not ? do your research m8)
Long story short the file is the one that responsible for any permission and components use in android application and it pretty much show like this.
as you can see from the following image there are 3 activities contain in the application and all of them cannot be query outside of the application. So what are we going to do? lets try to modify the file as shown below
we change the export component function into true with that means that any application could call the activity. Once you edit the Androidmanifest.xml it is time to repackage the application. I repackage the application using apktool
After the application is done building we are not done. In order for the application to be installed completely in the device you need to sign the application to new certification. I suggest that you use appium-sign tools it really convenient and save your time. now we are ready to install the application inside the device. (link to tool: https://github.com/appium/sign)
Now to test the application i will use drozer tool. Think drozer as metasploit for android application (i will talk more about drozer in the other post for now just shut up and follow along)
as you can see from the image above that all of the application could be called by drozer. (scary right?!)
To called activity without sending any data use the following command.
But if the activity need data send from one activity to another activity you could use the following command. To anyone wonder what is parameter that need to be follow along the command well it depends on the application activity. If you take a look in my application below
as you can see from the image above that the third activity put extra function that use for moving data into another activity and we could see there are parameter value1 and value2 those two are the flag that is use for the received application to get the the data.
cool right ? but it is not enough for me i try to create my own application exploit that will called the application and send data to the application.
i reuse the source code from my previous post of https://court-of-testing-analysing.blogspot.com/2018/11/exploit-activities-in-android.html
if you run my application it will show like this
Thank you and have a good day
link for the file:
the vulnerable application => https://github.com/acaciaworld80/100dayofpentesting/blob/master/packed_exercise(day%208).apk
In this post i will show you how to attacking android application component(activity) by repackaging the application. I hope it will open developer eye about how easy for anyone to change your application structure.
To start the post,
You guys may be familiar with Androidmanifest.xml file in APK file right?!(if you not ? do your research m8)
Long story short the file is the one that responsible for any permission and components use in android application and it pretty much show like this.
as you can see from the following image there are 3 activities contain in the application and all of them cannot be query outside of the application. So what are we going to do? lets try to modify the file as shown below
we change the export component function into true with that means that any application could call the activity. Once you edit the Androidmanifest.xml it is time to repackage the application. I repackage the application using apktool
After the application is done building we are not done. In order for the application to be installed completely in the device you need to sign the application to new certification. I suggest that you use appium-sign tools it really convenient and save your time. now we are ready to install the application inside the device. (link to tool: https://github.com/appium/sign)
Now to test the application i will use drozer tool. Think drozer as metasploit for android application (i will talk more about drozer in the other post for now just shut up and follow along)
as you can see from the image above that all of the application could be called by drozer. (scary right?!)
To called activity without sending any data use the following command.
But if the activity need data send from one activity to another activity you could use the following command. To anyone wonder what is parameter that need to be follow along the command well it depends on the application activity. If you take a look in my application below
as you can see from the image above that the third activity put extra function that use for moving data into another activity and we could see there are parameter value1 and value2 those two are the flag that is use for the received application to get the the data.
cool right ? but it is not enough for me i try to create my own application exploit that will called the application and send data to the application.
i reuse the source code from my previous post of https://court-of-testing-analysing.blogspot.com/2018/11/exploit-activities-in-android.html
if you run my application it will show like this
Thank you and have a good day
link for the file:
the vulnerable application => https://github.com/acaciaworld80/100dayofpentesting/blob/master/packed_exercise(day%208).apk
Comments
Post a Comment