Security Testing for Android Cross Platform Application (Xamarin & Cordova) - Part 1
Hello All,
Hope you all are doing great. This is an interesting topic which needs more research from the community. I have not explored much, but let me share what I have found. If I have missed a few aspects or made any mistakes, kindly comment below and I will update the post.
Let's begin:
Bypassing SSL Pinning or "Connection not Secure" Error of Cordova-Based Application
What is Cordova?
Apache Cordova enables software programmers to build applications for mobile devices using CSS3, HTML5, and JavaScript instead of relying on platform-specific APIs like those in Android, iOS, or Windows Phone. It enables wrapping up of CSS, HTML, and JavaScript code depending upon the platform of the device. It extends the features of HTML and JavaScript to work with the device. The resulting applications are hybrid, meaning that they are neither truly native mobile application
So recently I was given an Android application to assess which was built using the Cordova framework.
- How to identify if the application is built in Cordova?
Step 1:
Command:- apktool d yourapp.apk
Step 2:
Let's check the AndroidManifest.xml file and the folder named Cordova
So let's run the application and intercept the request using Burp
Step 1:
Configure Burp Suite to intercept the HTTP(S) requests
Step 2:
Configure the device and install the Burp certificate
Oops!!! I am unable to intercept the request because I am intercepting the traffic with Burp Suite and the application has some SSL certificate validation. The application throws a "Connection not Secure" error. 😐
Let's not talk about the difficulties faced while trying to bypass the "Connection not Secure" error using various publicly available tools & methods.
So due to frustration I started to look into the application logs, and interestingly I found something in the logs which was throwing the "Connection not Secure" error message
www/app/main.service.js
So again I visited my old unzipped APK folder and checked the files in assets\www\app. Holy crap, it was a gold mine containing various JavaScript files and folders
So I started hunting in those files for the string "CONNECTION NOT SECURE" and found that the Login.ctrl.js file contains that string.
I opened Login.ctrl.js, searched for the "CONNECTION NOT SECURE" string to understand the logic, and found that the function just pops an alert box 😣
I also found another function which sends the "Connection Secure" response.
Hmmm!!! So what if we copy the entire function of "CONNECTION SECURE" into "CONNECTION NOT SECURE"?
CONNECTION SECURE CODE
Let's Copy the Code of Connection Secure to Connection not Secure
Save the file, build the APK and sign it
Command:- apktool b yourapp (the folder created by apktool d; the rebuilt APK is written to yourapp/dist/yourapp.apk)
Sign the APK
Command:- java -jar sign.jar yourapp/dist/yourapp.apk
So after signing and installing the APK, I was finally able to intercept the traffic and bypass the "CONNECTION NOT SECURE" error
There were multiple JavaScript files present in the application which contained sensitive information like hard-coded credentials and API keys which were related to the payment gateway.
Conclusion
So we must always look at the JavaScript files, as they might contain sensitive information or can help us in understanding the validation imposed in the application.
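For developers who want to catch this before release, here is an added example (not code from this post or from the assessed application) that scans the JavaScript shipped under assets/www for hard-coded credentials and API keys. The rule set, the entropy threshold and the sample file contents are constructed assumptions; only the assets/www/app layout and the Login.ctrl.js file name come from the post.

```javascript
// Added example: audit a Cordova bundle's JavaScript for hard-coded secrets.
// The rules, threshold and sample files are constructed for illustration.
const RULES = [
  { id: 'credential-assignment',
    re: /\b(pass(?:word|wd)?|secret|api[_-]?key|token)\b["']?\s*[:=]\s*["']([^"']{6,})["']/gi },
  { id: 'basic-auth-url',
    re: /https?:\/\/[^\s"'\/:@]+:[^\s"'\/@]+@[^\s"']+/gi },
];

// Shannon entropy in bits per character; random keys score higher than words.
function entropy(s) {
  const counts = {};
  for (const ch of s) counts[ch] = (counts[ch] || 0) + 1;
  return Object.values(counts).reduce((h, n) => {
    const p = n / s.length;
    return h - p * Math.log2(p);
  }, 0);
}

// files: { relativePath: sourceText }. Returns findings with 1-based line numbers.
function scanBundle(files) {
  const findings = [];
  for (const [path, text] of Object.entries(files)) {
    text.split(/\r?\n/).forEach((line, i) => {
      for (const { id, re } of RULES) {
        re.lastIndex = 0; // global regexes keep state between exec() calls
        let m;
        while ((m = re.exec(line)) !== null) {
          const value = m[2] || m[0];
          // Skip obvious placeholders such as "changeme" or "<API_KEY>".
          if (/^(changeme|example|<.*>|x+)$/i.test(value)) continue;
          findings.push({ path, line: i + 1, rule: id,
            highEntropy: entropy(value) >= 3.5,
            preview: value.slice(0, 4) + '...' }); // never log the full secret
        }
      }
    });
  }
  return findings;
}

// Constructed sample standing in for files found under assets/www/app.
const SAMPLE = {
  'assets/www/app/payment.service.js': 'var cfg = {\n  apiKey: "EXAMPLE9f3Kq7Zt2LmX8vB1"\n};',
  'assets/www/app/Login.ctrl.js': 'var password = "<PASSWORD>";\nvar user = "demo";',
  'assets/www/app/legacy.js': 'var gw = "https://merchant:letmein1@pay.example.invalid/v1";',
};
console.log(scanBundle(SAMPLE));
```

Anything this flags should move behind a server-side API, since every file under assets/www is readable by whoever unpacks the APK.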
Thanks to everyone who supported me and helped to write this blog. Special thanks to abhijeet.
So for Xamarin, is it the same way as Cordova?