Anatomy of an APK
Before you attack Android applications, you must first understand what they are made of. Android applications are distributed and installed in a file format called Android Package (APK). APKs are like ZIP files that contain everything an Android application needs to operate: the application code, the application manifest file, and the application’s resources. This section describes the main components of an Android APK.
First, the AndroidManifest.xml file contains the application’s package name, version, components, access rights, and referenced libraries, as well as other metadata. It’s a good starting point for exploring the application. From this file, you can gain insights into the app’s components and permissions.
Understanding the components of your target application will provide you with a good overview of how it works. There are four types of app components: Activities (declared in <activity> tags), Services (declared in <service> tags), BroadcastReceivers (declared in <receiver> tags), and ContentProviders (declared in <provider> tags).
Activities are application components that interact with the user. The windows of Android applications you see are made up of Activities. Services are long-running operations that do not directly interact with the user, such as retrieving or sending data in the background. BroadcastReceivers allow an app to respond to broadcast messages from the Android system and other applications. For instance, some applications download large files only when the device is connected to Wi-Fi, so they need a way to be notified when the device connects to a Wi-Fi network. ContentProviders provide a way to share data with other applications.
The permissions that the application uses, such as the ability to send text messages and the permissions other apps need to interact with it, are also declared in this AndroidManifest.xml file. This will give you a good sense of what the application can do and how it interacts with other applications on the same device. For more about what you can find in AndroidManifest.xml, visit https://developer.android.com/guide/topics/manifest/manifest-intro/.
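The following added example (not code from the book) summarizes a manifest into the component types and permissions described above, and lists components marked exported with no required permission so they can be reviewed. It assumes a manifest already decoded to plain-text XML, since the copy inside an APK is stored in a compiled binary form; the sample manifest, the package name com.example.notes and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = {"activity": "Activity", "service": "Service",
                  "receiver": "BroadcastReceiver", "provider": "ContentProvider"}

# Constructed sample: decoded manifest of a hypothetical app (not a real one).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes" android:versionName="1.2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <permission android:name="com.example.notes.READ_NOTES"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".WifiReceiver" android:exported="true"/>
    <provider android:name=".NotesProvider" android:exported="true"
              android:authorities="com.example.notes.provider"
              android:permission="com.example.notes.READ_NOTES"/>
  </application>
</manifest>
"""

def attr(el, name):
    """Read an android:-namespaced attribute, or None if it is not declared."""
    return el.get(f"{{{ANDROID_NS}}}{name}")

def summarize_manifest(xml_text):
    root = ET.fromstring(xml_text)
    summary = {
        "package": root.get("package"),
        "version": attr(root, "versionName"),
        "uses_permissions": [attr(e, "name") for e in root.iter("uses-permission")],
        "declared_permissions": [attr(e, "name") for e in root.iter("permission")],
        "components": [],
    }
    for tag, kind in COMPONENT_TAGS.items():
        for el in root.iter(tag):
            summary["components"].append({
                "type": kind, "name": attr(el, "name"),
                "exported": attr(el, "exported"),  # raw declared value only
                "required_permission": attr(el, "permission"),
            })
    return summary

def unguarded_exported(summary):
    """Components declared exported="true" that name no required permission."""
    return [c["name"] for c in summary["components"]
            if c["exported"] == "true" and not c["required_permission"]]
```
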
The classes.dex file contains the application source code compiled in the DEX file format. You can use the various Android hacking tools introduced later in this chapter to extract and decompile this source code for analysis. For more on conducting source code reviews for vulnerabilities, check out Chapter 22.
The resources.arsc file contains the application’s precompiled resources, such as strings, colors, and styles. The res folder contains the application’s resources not compiled into resources.arsc. In the res folder, the res/values/strings.xml file contains literal strings of the application.
The lib folder contains compiled code that is platform dependent. Each subdirectory in lib contains the specific source code used for a particular mobile architecture. Compiled kernel modules are located here and are often a source of vulnerabilities.
The assets folder contains the application’s assets, such as video, audio, and document templates. Finally, the META-INF folder contains the MANIFEST.MF file, which stores metadata about the application. This folder also contains the certificate and signature of the APK.
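Because an APK is read like a ZIP archive, the layout described in this section can be inventoried with a standard ZIP library. The added example below (not from the book) groups an archive's entries by the components named above and reports the architectures under lib and the signing files under META-INF; the in-memory sample archive, its file names and the function names are constructed, with placeholder contents.

```python
import io
import zipfile

def build_sample_apk():
    """Constructed stand-in for an APK: realistic layout, placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in ["AndroidManifest.xml", "classes.dex", "classes2.dex",
                     "resources.arsc", "res/layout/main.xml",
                     "lib/arm64-v8a/libnative.so", "lib/x86_64/libnative.so",
                     "assets/template.html", "META-INF/MANIFEST.MF",
                     "META-INF/CERT.SF", "META-INF/CERT.RSA"]:
            z.writestr(name, b"placeholder")
    return buf.getvalue()

def inventory(apk_bytes):
    """Group APK entries by the component of the package they belong to."""
    keys = ("manifest", "dex", "resources", "res", "lib", "assets", "meta-inf", "other")
    groups = {k: [] for k in keys}
    abis = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            top, _, rest = name.partition("/")
            if name == "AndroidManifest.xml":
                groups["manifest"].append(name)
            elif not rest and name.endswith(".dex"):
                groups["dex"].append(name)        # classes.dex, classes2.dex, ...
            elif name == "resources.arsc":
                groups["resources"].append(name)
            elif top in ("res", "assets"):
                groups[top].append(name)
            elif top == "lib":
                groups["lib"].append(name)
                abis.add(rest.split("/")[0])      # lib/<architecture>/<file>
            elif top == "META-INF":
                groups["meta-inf"].append(name)
            else:
                groups["other"].append(name)      # anything outside the usual layout
    signing = [n for n in groups["meta-inf"]
               if n.upper().endswith((".SF", ".RSA", ".DSA", ".EC"))]
    return {"groups": groups, "abis": sorted(abis), "signing_files": signing}
```
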