Thanks for the huge response to my previous write-ups. Recently I participated in a Bug Bounty program and found a “Sub-domain takeover” issue by leveraging the Amazon S3 hosting service.
Even if you already have an idea of subdomain takeover via AWS S3, in this write-up I will show a non-typical way of S3 subdomain takeover, the OSINT process to find the S3 regions, and finally how I found the correct region of the target.
Subdomain: A subdomain is a domain that is part of a larger domain. For example, blog.example.com and www.example.com are subdomains of example.com.
In my previous write-up I explained the React Native reverse engineering technique. Again, I have found a bug in a Xamarin-based application using a different approach instead of the old reverse engineering methodology.
Xamarin is a free and open source mobile app platform for building native and high-performance iOS, Android, tvOS, watchOS, macOS, and Windows apps.
Typically, when reversing an Android application, it is decompiled using apktool and dex2jar, and then analyzed using JD-GUI. When dealing with native applications, this can be useful if the application has any native code that you would like to analyze.
But most of the…
Thanks for the huge response to my previous write-up. Recently I found a hard-coded credentials bug using a different approach instead of the old reverse engineering methodology.
React Native is a mobile application framework that is most commonly used to develop applications for Android and iOS by enabling the use of React and native platform capabilities. These days, it’s become increasingly popular to use React across platforms.
Typically, when reversing an Android application, it is decompiled using apktool and dex2jar, and then analyzed using JD-GUI. …
Typically, there is no significant impact (in general the severity is low) for a Broken Cryptography flaw in an Android application, unless there is a strong dependency between the application workflow and the cryptography functions.
In a recent private bug bounty program, I faced a challenge in which the application request body was encrypted with some kind of cryptography mechanism, so I had to find the encryption mechanism to further assess the application.
To understand the encryption logic, I decompiled the APK using the Android reverse engineering toolset and then analyzed the code for the encryption mechanism…
After learning the APK file structure and the application components, we should learn about the primary basic utility command-line tool, ADB. In Android application testing, we use the adb tool in the information gathering phase and in the exploitation phase to interact with the Android device via USB debugging. So we should learn some basic adb commands to learn Android penetration testing.
ADB is known as Android Debug Bridge; it is a command-line tool used to interact with an Android device via USB debugging.
How to install this tool?
In a recent Android application penetration test, I encountered a challenge in which I had to copy-paste the contents of hundreds of files into BurpSuite. I got frustrated with this copy-paste task and finally wrote a script, which I named raw0xy.
raw0xy is a Python script that takes a file containing a raw HTTP request and a proxy route. The script then parses the raw HTTP request and sends it via the defined proxy.
Before learning about Android application hacking, it is necessary to understand the fundamental concepts of Android application files and components, and how the different components work together to make the application function. You also need to know the jargon of the Android application core components.
Android applications are distributed as APK files. APK files are basically ZIP files similar to the JAR files used to package Java libraries. An APK file contains app code in the DEX file format, native libraries, resources, assets, etc. It must be digitally signed with a certificate to allow installation on an Android device.
An APK file…
In my previous write-up, I explained the JSON CSRF vulnerability, and now I have come up with a technique to abuse the browser Same Origin Policy (SOP).
Don’t be confused; I will explain the above with a practical scenario.
SOP is a default basic and critical…
I wrote this article because there is no proper resource about the URL structure on the internet.
We are all familiar with the internet, so we are also familiar with URLs. We can easily recognize whether a string is a URL or not by seeing the ‘Protocol Scheme’ followed by “://” and then a sequence of characters separated by dots.
Q. OK! But how does the browser recognize that the input string given in the address bar is a URL?
A. Actually, the browser first looks for the URI instead of the URL.
Oh wait!… What is a URI?
CSRF (Cross-Site Request Forgery) is a kind of web application vulnerability in which a malicious actor can forge an HTTP request without the actual user's knowledge. This results in a serious security flaw in the web application.
In this write-up I will explain how to identify the JSON CSRF vulnerability and the challenge I faced in escalating this bug in a recent project.
Generally, JSON CSRF is not possible in every web application that uses a JSON body; mainly it depends on the authentication mechanism. …