❤❤

why this youtuber stop posting video , the video was awesome :)

Hi, I know the video is a little bit old but I'm studying the android pentesting part and I was wondering if it's possible to do a lot of things without reading the code..Because in my usual test I do grey-box pentesting so the client is not giving us any code. Do you think that exploiting deeplink can be done easily without code knowledge?

Thanks for sharing

Nice Video mate but What u mean by deeplink

i have question in android manifest i define domain/{dynamictext}. but when i create link domain/{dynamictext}/anothertext it still can open my app screen why? bez i define only domain/{dynamictext}

Some hidden treasure on Android hacking

I can't see extended options in settings. Could you tell me why or how to fix it please?

You forgot to mention that this method (frida-gadget + objection) is only necessary when the device is not rooted/jailbroken. If device is rooted (like the emulator you used to demonstrate) only frida-server running on the device and frida on the host pc is enough (then you load the frida SSL pinning bypass script of course). This is important to explain so newbies don't get confused (as I got when I first watched your video 1 year ago).

kzbin.info/www/bejne/hn6un4OXfLyrqsk

the gadget version you specified while patching apk is same as frida server version ?

came back for a revision

Fye video

01:00 android studio for proof of concept development 01:32 frida is awsomely epic for dynamic analysis and dynamic runtime analysis 01:53 DB Browser for SQL lite is great for reading databases you find in public storages 01:59 Custom bash script are essential for automating all redudant tasks 02:43 sandboxing 08:32 exploiting activities kzbin.info/www/bejne/jovafZSMr5mGmdk

FlagSix flag can be obtained by dumping the memory, i didn't have the idea how to make that script, so i just pulled out the flag from the application memory xD

do you have a Github documentation for the codes? @B3nac Sec?

Bro how to determine where to use frida where not?

Thanks for your video,I go a deep link bounty and a activity bypass bounty by whatching these!

Amazing 👏 please create more

so i get an error with repacking the application with apktool, has anybody else faced that/

HELP ANYONE WITH SOME ANDROID SKILLS!! HACKED ATTACKED. ?? A few days ago, while watching a KZbin video(via the App) on my Samsung Galaxy S20 FE 5G, the left half of the video portion was covered with a pinkish/orangish screen with the words "MICROWAVE SPY CAMERA 1.XXXX" (where xxxx was 4 digits that I don't remember). After about 20 seconds, I clicked the next video and the exact same thing occurred. I then clicked back to the previous video and the video didn't have this "notice". Then I returned to the new video and it was no longer there either! I played one more completely different video and it wasn't on it either. I tried to look in the developer options for how to see active programs running and it listed about 20, but nothing that stood out as suspicious. I just now put the phone in airplane mode. How can I inspect my phone for evidence of this "screen notice"? Maybe some kind of cache files containing the "screen notice" or whatever? Is there a way to get a dump of ALL processes running before it's too late and it terminates, or the cache gets deleted? I would like to get proof this exists on my phone. Need evidence. Please help ASAP!!

which emulator are you using on linux

Great!

Heey is that possible to do it through ADB Pass intent as value for an parameter in exported activity ?

I found the above vulnerability in 2 popular apps ...but it failed to execute on real device ...it works only in emulator by adb shell command.

can you do intercept traffic from windows application

Very good

I this question in honeywell interview 😭

Why new video is not coming? Waiting for one.

Sasssd

Can you tell me how to intercept traffic from flutter based application

what version of emulator you are using ? is it x86 or arm..?

Kyle bnac can I pls know what your Twitter is ???

thanks 👍🏻 pls create detailed vdos on android owasp top 10 test cases, vulnerabilities.

Nice explanation video. Seems, latest RMS does not use pip3 python version and uses nodejs. I'm finding it difficult in installing and throws error gyp: binding.gyp .... If you get a chance a small snippet of article in your blog or a video would be much appreciated mate :) thanks for contribution 👍

Please have link

awesome, keep it up with the contecnt. there is a need for these types of videos 😎😉

Is it possible to connect objection in a actual android device and bypass application's ssl pinning? TIA

You make more video like this

Nice video brother

Very helpful! Thank you!!

7:30 - 7:40 Objection doesn't keep the old certificate, that's the point - it's not possible, unless exploiting CVE-2017-13156 aka. Janus Vulnerability. You can read more about it here; khannasecurity.com/blog/janus-vulnerability-in-android-cve-2017-13156/ I assume the error you are referring to, is INSTALL_FAILED_UPDATE_INCOMPATIBLE when adb install <file>.objection.apk is run. The error (at least on my version of adb) clearly states "Package <pkg name> signatures do not match the previously installed version; ignoring!" Android requires the use of the same certificate when updating applications in order to mitigate sideloading of apps.x Anyway, this video is otherwise great! Keep it up, I hope more videos are coming! :)

Well done buddy, hats off! 😎🔥

What is the Android version? Also please share the link to another method to achieve this .

Nice

Thanks

Amazing 👌👌👌

Hi, great content, thanks! Can you explain how this open redirect can be exploited? I'm asking in bug bounty terms. You can use the shell to redirect users but you are connected via cable. How is the app vulnerable in real world scenario? Thanks a lot! :)

Any reasons why my decompilation would look slightly different? Does the java version matter? When I am decompiling, I see mostly single-letter variables. For example "Intrinsics" does not appear anywhere in the codebase. In addition, I get a ton of warning logs where it is removing code blocks. I have tried on both Mac and Linux, replicating your exact process with the same version apk and jadx

Thanks ! pls create more videos on Android app pentest. Android owasp test cases.