React Native Application

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Uchambuzi wa Programu ya React Native

Ili kuthibitisha kama programu ilijengwa kwenye mfumo wa React Native, fuata hatua hizi:

Badilisha jina la faili la APK kwa kiambishi cha zip na uondoe kwenye folda mpya kwa kutumia amri cp com.example.apk example-apk.zip na unzip -qq example-apk.zip -d ReactNative.
Tembea kwenye folda mpya iliyoundwa ya ReactNative na pata folda ya mali. Ndani ya folda hii, unapaswa kupata faili index.android.bundle, ambayo ina JavaScript ya React katika muundo wa minified.
Tumia amri find . -print | grep -i ".bundle$" kutafuta faili la JavaScript.

Ili kuchambua zaidi msimbo wa JavaScript, tengeneza faili lililo na jina index.html katika saraka hiyo hiyo lenye msimbo ufuatao:

<script src="./index.android.bundle"></script>

You can upload the file to https://spaceraccoon.github.io/webpack-exploder/ or follow these steps:

Fungua faili la index.html katika Google Chrome.
Fungua Developer Toolbar kwa kubonyeza Command+Option+J kwa OS X au Control+Shift+J kwa Windows.
Bonyeza "Sources" katika Developer Toolbar. Unapaswa kuona faili la JavaScript ambalo limegawanywa katika folda na faili, likiunda bundle kuu.

If you find a file called index.android.bundle.map, you will be able to analyze the source code in an unminified format. Map files contain source mapping, which allows you to map minified identifiers.

To search for sensitive credentials and endpoints, follow these steps:

Tambua maneno muhimu nyeti ili kuchambua msimbo wa JavaScript. Programu za React Native mara nyingi hutumia huduma za watu wengine kama Firebase, AWS S3 service endpoints, funguo za kibinafsi, n.k.
Katika kesi hii maalum, programu ilionekana ikitumia huduma ya Dialogflow. Tafuta muundo unaohusiana na usanidi wake.
Ilikuwa na bahati kwamba akreditif nyeti zilizowekwa kwa mikono zilipatikana katika msimbo wa JavaScript wakati wa mchakato wa recon.

References

https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

PreviousManual DeObfuscation NextReversing Native Libraries

Last updated 8 days ago