Android APK leaks access token to takeover the whole infrastructure
Hi, everyone
My name is Santosh Kumar Sha, I’m a security researcher from India(Assam). In this article, I will be describing how I was able to Find the production and staging access token leaked by android application and takeover the whole infrastructure .
I am now offering 1:1 sessions to share my knowledge and expertise:
TIP For looking for android bug :
Tools Requried:
- gf (tomnomnom) — https://github.com/tomnomnom/gf
- grep
- apktool
Case# — — Finding hard coded Credential in android apk .
Here is how I get access to the company production and staging server by the access token leaked by android application.
So I was looking for android bug in One of the public bugbounty program . So i download the android application apk file and de-compile and started looking around.
How to download android application:
Suppose “example” the company to look for android application
Just search on Google like these “example android application downloadable”
Command to decompile the android application:
