Penetration test information collection - App information

2022-07-06 18:35:00 Aspirin. two thousand and two

APP information gathering

  • With the rapid development of the mobile Internet, mobile smart devices hold a large amount of personal information and important data, and their security has increasingly become a common concern. Android, the most popular open-source mobile operating system and the one with the fastest-growing market share in recent years, has also become a main target of attack. To guard against malicious attacks, it is necessary to find and understand the vulnerabilities of systems and networks as far as possible before attackers do, and to take precautions in time. Penetration testing is one of the best ways to check for system vulnerabilities. However, most general penetration testing schemes are aimed at traditional network equipment and environments. As traditional network security problems emerge in the mobile Internet field, penetration testing for mobile smart devices is also of great significance.

  • Mobile app security threats are mainly local ones, for example remote control, application cracking, information theft and so on. Most people have not paid attention to the security of the app's server side, but there are many security vulnerabilities in this area.

Across the huge number of applications in circulation, an app may face the following threats:

Trojans, viruses, tampering, cracking, phishing, repackaging, account theft, ad injection, information hijacking, etc.

Methods for finding vulnerabilities in an app's server side

1. Decompile the app: there are two ways to decompile, dex2jar and AndroidKiller.

2. HTTP(S) proxy packet capture: this method sets up a proxy on the mobile device, and the tester operates the app manually so that it interacts with the server.

Tools

  • Android emulator
  • ApkAnalyser (download address: https://github.com/TheKingOfDuck/ApkAnalyser)
  • AndroidKiller
  • Burp

Approach

Sometimes, when the website itself is well protected, you can start from the app instead: capture its traffic and find the back end.

Packet capture and decompilation

Sometimes packet capture and decompilation reveal sensitive information (IPs, interfaces, accounts and passwords, cracking).
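As an added example (not from the original post or from any tool it names), here is a small Python scanner that a development team can run over its own app's decompiled output before release, to flag the hard-coded IPs, URLs and credential-like assignments mentioned above. The patterns, the file extensions and the sample file are assumptions chosen for illustration.

```python
import os
import re
import sys

# Heuristic patterns for the value types the text lists:
# IPs, interfaces (URLs), accounts and passwords.
PATTERNS = {
    "ip": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "credential": re.compile(
        r"(?i)\b(\w*(?:passw(?:or)?d|pwd|secret|api_?key|token)\w*)\s*[:=]\s*\"[^\"]+\""),
}

# Constructed sample standing in for one decompiled source file.
SAMPLE = '''\
public class Config {
    static final String BASE = "http://203.0.113.10:8080/admin/api";
    static final String dbPassword = "example-only";
    static final String VERSION = "release";
}
'''

def scan_text(text, path="<sample>"):
    """Return (path, line_no, kind, value) for every hard-coded value found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                # For credentials report only the variable name, never the secret.
                value = match.group(1) if kind == "credential" else match.group(0)
                findings.append((path, line_no, kind, value))
    return findings

def scan_tree(root, exts=(".java", ".smali", ".xml", ".json")):
    """Walk a decompiled output directory and scan its text files."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings += scan_text(fh.read(), path)
    return findings

if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for path, line_no, kind, value in results:
        print(f"{path}:{line_no}: {kind}: {value}")
```

Every finding is something that anyone who decompiles the shipped package can also read, so flagged endpoints and secrets belong on the server side or in a protected store rather than in the app.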

Copyright notice
This article was created by [Aspirin. two thousand and two]. Please include a link to the original when reposting. Thank you.
https://yzsam.com/2022/02/202202131300352717.html