Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis)
Critical Thinking - Bug Bounty Podcast - En podcast af Justin Gardner (Rhynorater) & Joel Margolis (teknogeek) - Torsdage
Kategorier:
Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: [email protected] to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynoraterJoel’s HackerOne Android Hacking Introduction:https://t.ly/f87DAndroid Pixel Lock Screen Bypasshttps://t.ly/Q_qqExploiting Deeplink URLs:https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.htmlJoel’s get_schemas tool:https://github.com/teknogeek/get_schemasExample AndroidManfest.xml we referenced:https://t.ly/mcN1https://t.ly/ErVVAndroid docs for intent filters:https://developer.android.com/guide/components/intents-filters.htmlAndroid docs for “setAllowContentaccess”:https://t.ly/hXOZAndroid docs for “setAllowFileAccess”:https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)Add JavaScript Interface to Webview:https://developer.android.com/reference/android/webkit/WebView#addJavascriptInterface(java.lang.Object,%20java.lang.String)Joel’s SSL Pinning Bypass:https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725Google Chrome Docs for Intent URLs:https://developer.chrome.com/docs/multidevice/android/intents/#considerationsJoel’s Bug Bounty Report:https://hackerone.com/reports/423467