BugBazaar: Mobile penetration testing on the Android platform
Android BugBazaar: Your mobile appsec playground to Explore, Exploit, Excel
BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than 10 modules and features, each replicating real-world functions and the vulnerabilities surrounding them.
Vulnerabilities
WEBVIEW
- Opening arbitrary URLs in the webview
- XSS
- OPEN REDIRECTION
- Account Takeover via Stealing Session ID (Host validation bypass)
- Stealing User token Via JavaScriptInterface class
- Access of Arbitrary files via insecure Flags
  - Note: Only exploitable until API level 28
- Stealing of Arbitrary files via Insecure WebResourceResponse
INTENT
- Intent interception
- Account takeover via intent Spoofing
- Steal User’s Contact via Insecure Pending Intent
- RCE through insecure Dynamic Code Loading
Deep Link
- CSRF to add the product to cart
- Deep link hijacking to load URLs in webview
- Content Spoofing on Offers activity
IPC COMPONENTS
- Exported Components
- Steal User’s Contact via typo permission in Content Provider
- Insecure broadcast receiver
- Access to Protected Components via broadcast Receiver
- Insecure services
- Fragment injection in Refer-Us
Injections
- SQL Injection via user input in My order
- Content Provider SQL Injection in Address
- Data insertion via insecure Content Provider in Address
Unintended Data Leakage
- Copy/Paste buffer Caching
- Application backgrounding
- Insecure Logging (logging user creds)
Insecure Storage
- Unencrypted database
- Man in the Disk Attack
- Storing sensitive info in SharedPref
- Hardcoded secrets
OTHERS
- Improper Input Validation
- Unrestricted file upload
- Misconfigured Firebase’s Firestore
- Passcode Bypass
- Tapjacking
- Improper exception Handling
- Debuggable application
- Backup enabled
- Task Hijacking
- Improper cache handling
Runtime exploitation
- Runtime code modification
- Login pin bypass via Frida/Objection
APP Protection
- EASY LEVEL:
  - RootBeer Library
- MEDIUM LEVEL:
  - Magisk detect
  - Emulator Check
  - FRIDA DETECTION
- ADVANCED LEVEL – ⚠️ In progress, will be updated in an upcoming release ⚠️