Saturday, December 31, 2016

ANDROID PT - DIVA / 9 - Access Control Issues 1 - Intent Filter Vulnerability (1)


- Layout for this exercise:

- Connecting from Santoku to Nexus 5 with ADB:

- Launching the application: 

- Clicking the tab for challenge 9:

- The application allows the user to see the API credentials:

- However, the goal of this challenge is to access the API credentials from outside the application, taking advantage of the incorrect validation system used in this activity.

- Let's have a look at the Java source code of the activity for this challenge, AccessControl1Activity:


- The action jakhar.aseem.diva.action.VIEW_CREDS, declared in an intent filter, is what allows the credentials to be displayed by the application:

- Opening the Java source code for

- Also, the AndroidManifest.xml indicates the presence of the mentioned intent filter:

- Now, using the Activity Manager tool, we can start the activity through the intent filter action jakhar.aseem.diva.action.VIEW_CREDS from Santoku Linux, without using the DIVA application interface on the Nexus 5 device:

- The result is the application starting by itself and showing the API credentials:

- As an aside to the previous exercise, Activity Manager can also be used for other tasks, for instance to open a web browser remotely on the mobile device.