Penetration test information collection - App information
2022-07-06 18:35:00 【Aspirin. two thousand and two】
APP information gathering
With the rapid development of the mobile Internet, mobile smart devices hold a great deal of personal information and important data, and their security has become a common concern. Android, the most popular open-source mobile operating system and the one with the fastest-growing market share in recent years, has also become a main target of attack. To guard against malicious attacks, it is necessary to find and understand the vulnerabilities of systems and networks before attackers do, and to take precautions in time. Penetration testing is one of the best ways to check a system for vulnerabilities. However, most general penetration testing schemes are aimed at traditional network equipment and environments. As traditional network security problems appear in the mobile Internet, penetration testing of mobile smart devices is also of great significance.
The security threats to mobile apps are mainly local ones, for example remote control, application cracking and information theft. Most people have not paid attention to the security of the app's server side, but there are many security vulnerabilities in this area.
Across the huge number of applications, an app may face the following threats:
Trojans, viruses, tampering, cracking, phishing, repackaging, account theft, ad injection, information hijacking, etc.
Methods for finding app server-side vulnerabilities
1. Decompile the app: there are two tools for decompiling, dex2jar and AndroidKiller.
2. HTTP(S) proxy packet capture: this method sets up a proxy on the mobile device and operates the app by hand so that it interacts with the server.
Tools
Android emulator
ApkAnalyser (download: https://github.com/TheKingOfDuck/ApkAnalyser)
AndroidKiller
Burp
Approach
When the website itself is well protected, you can start from the app instead: capture its traffic and find the back end.
Packet capture and decompilation
Sometimes packet capture and decompilation reveal sensitive information (IPs, interfaces, accounts and passwords, cracking).
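As an added example (not code from the original post), here is a check a reviewer can run over their own app's decompiled output before release, flagging the kinds of strings listed above: interfaces (URLs), IPs, and hard-coded credentials. The patterns, file names and sample values are constructed assumptions and are heuristic only.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns for the categories the article names: interfaces, IPs, credentials.
PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}"
                       r"(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"),
    "credential": re.compile(r"(?i)\b(?:password|passwd|pwd|secret|api_?key|token)\b"
                             r"\s*[=:]\s*[\"'][^\"']{4,}[\"']"),
}
TEXT_SUFFIXES = {".java", ".smali", ".xml", ".json", ".properties", ".js", ".html"}
NOISE_HOSTS = ("schemas.android.com", "www.w3.org")  # XML namespaces, not endpoints

def scan_tree(root):
    """Return (kind, relative_path, line_number, match) for every hit under root."""
    root, findings = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(line):
                    if kind == "url" and any(h in m.group(0) for h in NOISE_HOSTS):
                        continue
                    findings.append((kind, path.relative_to(root).as_posix(), lineno, m.group(0)))
    return findings

# Constructed sample standing in for a decompiled APK tree (not from a real app).
SAMPLE = {
    "com/example/app/Config.java": 'class Config {\n'
        '  static final String BASE = "http://10.0.0.5:8080/api/v1/";\n'
        '  static final String password = "Sup3rS3cret";\n}\n',
    "res/values/strings.xml": '<resources xmlns:android="http://schemas.android.com/apk/res/android">\n'
        '  <string name="admin_url">https://admin.example.test/login</string>\n</resources>\n',
}

def demo():
    """Write the constructed sample to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Anything this reports in a release build is also visible to anyone who decompiles the app, so each hit should be either moved server-side or confirmed as intentionally public.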