Tag

Android

#android

More content

Read more stories on Hashnode

Articles with this tag

Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys

Dec 3, 20226 min read

Intercepting and Manipulating client-side AES encrypted traffic in mobile applications having hardcoded Key and IV ยท Overview Mobile applications are...

Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys

A deep dive into Task Hijacking in Android

Apr 21, 20216 min read

Introduction Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their...

A deep dive into Task Hijacking in Android

One-click SSL-Pinning Bypass Setup

Oct 13, 20202 min read

Android app Pentests can become torturous when you don't have the right environment setup.This of course refers to the SSL-pinning that is implemented...

One-click SSL-Pinning Bypass Setup

Leveraging XSS to Read Internal Files

Oct 8, 20202 min read

Everybody is familiar with what an XSS is so fast-forwarding it a bit, this is a write-up on how I managed to get an XSS in a PDF generator on an...

Leveraging XSS to Read Internal Files

From Android Static Analysis to RCE on Production

Sep 7, 20203 min read

TL;DRWe exploited an information disclosure in the mobile app to get an RCE on an internal server which was leveraged to the prod environment. Let's...

From Android Static Analysis to RCE on Production

Android Pentesting CheatSheet

Oct 28, 20195 min read

This post contains a list of commands which can be used with Drozer, a tool for pentesting Android applications.All of the commands have been taken...

Android Pentesting CheatSheet