Mission Brief:
Welcome, security researcher!
Your assignment is to work as a penetration tester for a cybersecurity company. The company is about to launch a major new mobile platform, but before the apps go live, they must be thoroughly tested for vulnerabilities.
WebView Exploitation:
App Link: VulnWebView APK
Analyse how the app improperly uses WebView components.
Your task: Exploit JavaScript bridges, file:// access, and misconfigured settings to hijack control.
Question 1.
Which Android component is primarily used to load web pages inside apps?
Question 2.
What method allows JavaScript code to interact with Android Java code?
Question 3.
What type of execution can happen remotely if WebView is poorly configured?
Question 4.
What setting, when improperly set, can expose Activities to external apps?
Question 5.
What URL scheme is often abused for WebView local file access attacks?
Question 6.
What permission must an app declare to access internet content in WebView?
Question 7.
What issue occurs if both HTTP and HTTPS content are loaded together in WebView?
Question 8.
If no domain restriction is set, what domain can WebView load?
Question 9.
Which Android component can attackers abuse to send malicious data into apps?
Question 10.
What is the final flag after exploiting the vulnerable WebView?
Binary Patching & Reverse Engineering:
App Link: Insecure bank v2
Reverse engineer and modify the binary to bypass protections and find hidden secrets inside the APK.
Task:
Reverse engineer the APK, patch binaries, bypass security mechanisms like ProGuard, and uncover hidden secrets inside the app’s structure.
Question 1.
What tool converts APK files back to readable Java code?
Question 2.
Which dynamic instrumentation toolkit can patch an app at runtime?
Question 3.
What word describes sensitive strings hidden directly in the code?
Question 4.
In Frida, what part of the app do you "hook" to modify behavior?
Question 5.
What assembly-like code do you modify manually after APKTool decompilation?
Question 6.
What must you check to ensure an app hasn't been tampered with?
Question 7.
What popular debugger is used for Android native binaries?
Question 8.
Which tool is often used to obfuscate Android code?
Question 9.
What device capability is usually required to patch system apps?
Question 10.
What is the final flag after patching and modifying the app?
Task:
Understand mobile risks related to OWASP's 2024 Mobile Top 10 list. Identify the vulnerabilities and issues each category addresses.
Question 1.
What OWASP category deals with apps that improperly use or expose credentials like API keys, tokens, and passwords?
Question 2.
Which OWASP category addresses the security risks coming from using insecure libraries, SDKs, or third-party software?
Question 3.
Which OWASP weakness occurs when apps fail to securely check user identity or permissions before granting access?
Question 4.
Which OWASP weakness happens when an app fails to properly sanitize incoming or outgoing data?
Question 5.
Which OWASP category relates to apps transmitting sensitive information without proper encryption or protection?
Question 6.
Which OWASP issue deals with an app not giving users proper control over their personal data?
Question 7.
Which OWASP issue happens when APKs lack protection against reverse engineering or tampering?
Question 8.
Which OWASP risk involves poor app configuration like debug modes left enabled or default passwords still active?
Question 9.
Which OWASP problem occurs when apps store sensitive data insecurely, for example in plaintext?
Question 10.
After identifying all issues in the given mobile app, what is the final flag?