Thanks for the huge response to my previous write-ups. Recently I participated in a bug bounty program and found a “Sub-domain takeover” issue by leveraging the Amazon S3 hosting service.

Even if you already have an idea of subdomain takeover via AWS S3, in this write-up I will show a non-typical way of S3 subdomain takeover, the OSINT process for finding S3 regions, and finally how I found the correct region of the target.

Introduction — Sub-Domain & S3

Subdomain: A subdomain is a domain that is part of a larger domain. For example, blog.example.com and www.example.com are subdomains of example.com.

Sub-domain meme (secureitmania)

AWS…


Web Application Penetration Testing

Thanks for the huge response to my previous write-ups. Recently I participated in a private program and found an OS command injection. In this write-up, I want to share my experience, my approach and the challenge I faced during the exploitation.

What is SSRF:

SSRF stands for Server-Side Request Forgery. It is a web application vulnerability that lets an attacker make the server issue HTTP requests on their behalf. In general, the attacker causes the server to make a connection back to itself, or to interact with web-based services inside the organization’s infrastructure.

What is Command Injection:

OS command injection (also known as shell injection) is a web security…


Mobile Application Penetration Testing Guide

In my previous write-up I explained the React Native reverse engineering technique. This time I found a bug in a Xamarin-based application, again using a different approach instead of the old reverse engineering methodology.

Introduction:

Xamarin is a free and open source mobile app platform for building native, high-performance iOS, Android, tvOS, watchOS, macOS, and Windows apps.

Old-fashioned way of Android Reverse Engineering

Typically, when reversing an Android application, it is decompiled using apktool and dex2jar, and then analyzed using JD-GUI. This is also useful for native applications, if the application has any native code that you would like to analyze.

But most of the…


Mobile Application Penetration Testing Guide

Thanks for the huge response to my previous write-up. Recently I found a hard-coded credentials bug, using a different approach instead of the old reverse engineering methodology.

Introduction:

React Native is a mobile application framework that is most commonly used to develop applications for Android and iOS by enabling the use of React and native platform capabilities. These days, it’s become increasingly popular to use React across platforms.

Old-fashioned way of Android Reverse Engineering

Typically, when reversing an Android application, it is decompiled using apktool and dex2jar, and then analyzed using JD-GUI. …


Typically, a broken cryptography flaw in an Android application has no significant impact (in general the severity is low), unless there is a strong dependency between the application workflow and the cryptography functions.

In a recent private bug bounty program, I faced a challenge: the application request body was encrypted with some kind of cryptography mechanism, so I had to find the encryption mechanism to further assess the application.

encrypted body challenge

To understand the encryption logic, I decompiled the APK using the Android reverse engineering tool set and then analyzed the code for the encryption mechanism…


After learning the APK file structure and the application components, we should learn about the primary basic command-line utility, ADB. In Android application testing, we use the adb tool in the information gathering phase and in the exploitation phase to interact with the Android device via USB debugging. So we should learn some basic adb commands before moving on to Android penetration testing.

What is ADB?

ADB stands for Android Debug Bridge. It is a command-line tool used to interact with an Android device via USB debugging.

How to install this tool?

On Windows

Download the ADB Platform Tools…

In a recent Android application penetration test, I encountered a challenge: I had to copy and paste the contents of hundreds of files into Burp Suite. I got frustrated with this copy-paste task and finally wrote a script, which I named raw0xy.

What is raw0xy:

raw0xy is a Python script that takes a file containing a raw HTTP request and a proxy route. The script parses the raw HTTP request and sends it via the defined proxy.

Where and How can I use raw0xy:

In mobile application penetration testing, I often run into certificate pinning. Because of this, I may fail to intercept the application traffic through Burp Suite. In…


Before learning about Android application hacking, it is necessary to understand the fundamental concepts of Android application files and components, and how the different components work together to make the application function. You also need to know the jargon of the Android application core components.

APK

Android applications are distributed as APK files. APK files are basically ZIP files, similar to the JAR files used to package Java libraries. An APK file contains the app code in the DEX file format, native libraries, resources, assets, etc. It must be digitally signed with a certificate to allow installation on an Android device.

The structure of an APK

Files inside the APK (secureitmania)

APK Package Contents

An APK file…


In my previous write-up, I explained the JSON CSRF vulnerability, and now I have come up with a technique to abuse the browser’s Same Origin Policy (SOP).

Introduction — JSONP & SOP:

JSONP stands for JSON with Padding. It is a JavaScript technique for requesting data from a server and accessing it without worrying about cross-domain issues. Below are the features of JSONP.

  • JSONP does not use the XMLHttpRequest object.
  • JSONP uses the <script> tag instead.
  • JSONP doesn’t care about the browser SOP.

Don’t be confused; I will explain the above with a practical scenario.

Same Origin Policy (SOP):

SOP is a default basic and critical…


I wrote this article because there is no proper resource about the URL structure on the internet.

Introduction - Uniform Resource Locator (URL)

We are all familiar with the internet, so we are also familiar with URLs. We can easily recognize whether a string is a URL by seeing the ‘protocol scheme’ followed by “://” and then a sequence of characters separated by dots.

#examples
https://example.com/resource/test.img
https://abcd.example.com/resource/index.html

Q. OK! But how does the browser recognize that the string typed into the address bar is a URL?

A. Actually, the browser first looks for the URI instead of the URL.

Oh wait!… What is the URI?

secureITmania

https://www.buymeacoffee.com/secureitmania |blog.secureitmania.com| twitter @secureitmania |
