why this youtuber stop posting video , the video was awesome :)
@albertobarbieri82803 ай бұрын
Hi, I know the video is a little bit old but I'm studying the android pentesting part and I was wondering if it's possible to do a lot of things without reading the code..Because in my usual test I do grey-box pentesting so the client is not giving us any code. Do you think that exploiting deeplink can be done easily without code knowledge?
@amitgajbhare88198 ай бұрын
Thanks for sharing
@zzzzzzzzZzZZzzzaZzz8 ай бұрын
Nice Video mate but What u mean by deeplink
@visalny63168 ай бұрын
i have question in android manifest i define domain/{dynamictext}. but when i create link domain/{dynamictext}/anothertext it still can open my app screen why? bez i define only domain/{dynamictext}
@Pem7 Жыл бұрын
Some hidden treasure on Android hacking
@mariajoseesquivel4980 Жыл бұрын
I can't see extended options in settings. Could you tell me why or how to fix it please?
@brunoaduarte Жыл бұрын
You forgot to mention that this method (frida-gadget + objection) is only necessary when the device is not rooted/jailbroken. If device is rooted (like the emulator you used to demonstrate) only frida-server running on the device and frida on the host pc is enough (then you load the frida SSL pinning bypass script of course). This is important to explain so newbies don't get confused (as I got when I first watched your video 1 year ago).
@Pem7 Жыл бұрын
Sure, sure Bruno... Well said 👏
@dandyddz2 ай бұрын
Isnt it the case that one method works more often than the other?
@masudrahman253 Жыл бұрын
kzbin.info/www/bejne/hn6un4OXfLyrqsk
@serialkiller8783 Жыл бұрын
the gadget version you specified while patching apk is same as frida server version ?
@dxsp1d3r Жыл бұрын
came back for a revision
@yummy2043 Жыл бұрын
Fye video
@domaincontroller Жыл бұрын
01:00 android studio for proof of concept development 01:32 frida is awsomely epic for dynamic analysis and dynamic runtime analysis 01:53 DB Browser for SQL lite is great for reading databases you find in public storages 01:59 Custom bash script are essential for automating all redudant tasks 02:43 sandboxing 08:32 exploiting activities kzbin.info/www/bejne/jovafZSMr5mGmdk
@kishorbal8070 Жыл бұрын
FlagSix flag can be obtained by dumping the memory, i didn't have the idea how to make that script, so i just pulled out the flag from the application memory xD
@animeshkar46102 жыл бұрын
do you have a Github documentation for the codes? @B3nac Sec?
@amartyapatil41242 жыл бұрын
Bro how to determine where to use frida where not?
@user-ij2ii1kf3n2 жыл бұрын
Thanks for your video,I go a deep link bounty and a activity bypass bounty by whatching these!
@ca79862 жыл бұрын
Amazing 👏 please create more
@mujtaba8532 жыл бұрын
so i get an error with repacking the application with apktool, has anybody else faced that/
@brickwilbur98052 жыл бұрын
HELP ANYONE WITH SOME ANDROID SKILLS!! HACKED ATTACKED. ?? A few days ago, while watching a KZbin video(via the App) on my Samsung Galaxy S20 FE 5G, the left half of the video portion was covered with a pinkish/orangish screen with the words "MICROWAVE SPY CAMERA 1.XXXX" (where xxxx was 4 digits that I don't remember). After about 20 seconds, I clicked the next video and the exact same thing occurred. I then clicked back to the previous video and the video didn't have this "notice". Then I returned to the new video and it was no longer there either! I played one more completely different video and it wasn't on it either. I tried to look in the developer options for how to see active programs running and it listed about 20, but nothing that stood out as suspicious. I just now put the phone in airplane mode. How can I inspect my phone for evidence of this "screen notice"? Maybe some kind of cache files containing the "screen notice" or whatever? Is there a way to get a dump of ALL processes running before it's too late and it terminates, or the cache gets deleted? I would like to get proof this exists on my phone. Need evidence. Please help ASAP!!
@c09yc472 жыл бұрын
which emulator are you using on linux
@zoozx777z2 жыл бұрын
Great!
@wannadie20032 жыл бұрын
Heey is that possible to do it through ADB Pass intent as value for an parameter in exported activity ?
@animeshkar4610 Жыл бұрын
ya
@sureshkumar-gg1qh2 жыл бұрын
I found the above vulnerability in 2 popular apps ...but it failed to execute on real device ...it works only in emulator by adb shell command.
@RdozeTV2 жыл бұрын
can you do intercept traffic from windows application
@reza_nematii2 жыл бұрын
Very good
@akshaygaikwad56362 жыл бұрын
I this question in honeywell interview 😭
@nointro52843 жыл бұрын
Why new video is not coming? Waiting for one.
@epamt3 жыл бұрын
Sasssd
@newuser24743 жыл бұрын
Can you tell me how to intercept traffic from flutter based application
@sakyb73 жыл бұрын
what version of emulator you are using ? is it x86 or arm..?
@Jiqcyy3 жыл бұрын
Kyle bnac can I pls know what your Twitter is ???
@satyajitdas4353 жыл бұрын
thanks 👍🏻 pls create detailed vdos on android owasp top 10 test cases, vulnerabilities.
@vis20793 жыл бұрын
Nice explanation video. Seems, latest RMS does not use pip3 python version and uses nodejs. I'm finding it difficult in installing and throws error gyp: binding.gyp .... If you get a chance a small snippet of article in your blog or a video would be much appreciated mate :) thanks for contribution 👍
@suhailashraf48533 жыл бұрын
Please have link
@zer0ql3 жыл бұрын
awesome, keep it up with the contecnt. there is a need for these types of videos 😎😉
@bienlao57913 жыл бұрын
Is it possible to connect objection in a actual android device and bypass application's ssl pinning? TIA
@pranjalpandey44103 жыл бұрын
You make more video like this
@pranjalpandey44103 жыл бұрын
Nice video brother
@LegacyInBlood3 жыл бұрын
Very helpful! Thank you!!
@mFINDs3 жыл бұрын
7:30 - 7:40 Objection doesn't keep the old certificate, that's the point - it's not possible, unless exploiting CVE-2017-13156 aka. Janus Vulnerability. You can read more about it here; khannasecurity.com/blog/janus-vulnerability-in-android-cve-2017-13156/ I assume the error you are referring to, is INSTALL_FAILED_UPDATE_INCOMPATIBLE when adb install <file>.objection.apk is run. The error (at least on my version of adb) clearly states "Package <pkg name> signatures do not match the previously installed version; ignoring!" Android requires the use of the same certificate when updating applications in order to mitigate sideloading of apps.x Anyway, this video is otherwise great! Keep it up, I hope more videos are coming! :)
@alexandercarthdez14693 жыл бұрын
Well done buddy, hats off! 😎🔥
@akshaydeshpande43383 жыл бұрын
What is the Android version? Also please share the link to another method to achieve this .
@AjayKumar-xl4jc3 жыл бұрын
Nice
@jaksan31593 жыл бұрын
Thanks
@sql70023 жыл бұрын
Amazing 👌👌👌
@belialblack31823 жыл бұрын
Hi, great content, thanks! Can you explain how this open redirect can be exploited? I'm asking in bug bounty terms. You can use the shell to redirect users but you are connected via cable. How is the app vulnerable in real world scenario? Thanks a lot! :)
@B3nacSec3 жыл бұрын
Hi, glad you like the content, thank you! An open redirect by itself pretty much has the same impact as phishing and in most cases would be categorized as low priority. Optimally open redirects should be combined with an exploit chain that increases the impact for a higher payout (for bug bounty). Examples are open redirect to XSS or OAuth token disclosure that leads to account takeovers.
@jackmaginnes74973 жыл бұрын
Any reasons why my decompilation would look slightly different? Does the java version matter? When I am decompiling, I see mostly single-letter variables. For example "Intrinsics" does not appear anywhere in the codebase. In addition, I get a ton of warning logs where it is removing code blocks. I have tried on both Mac and Linux, replicating your exact process with the same version apk and jadx
@zerodayKB2 жыл бұрын
Have you found solution for that problem?
@amrithnh3 ай бұрын
Yes. Even I have the same kind of code after decompiling. Due to that, I'm not able to run the frida script. Anyone with a solution ?
@satyajitdas4353 жыл бұрын
Thanks ! pls create more videos on Android app pentest. Android owasp test cases.