Mobile

If you found exposed broadcast receiver in android app. Reverse the app and investigate it...it may give you access to private shared pref using object deserialization and may lead to account take over!

Android tip: wifi passwords are in /data/misc/wifi/wpa_supplicant.conf

https://twitter.com/B3nac/status/1226746962537369600twitter.com

#bugbounty Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields. Payout: $4,500! 😎👍 pic.twitter.com/JvP4jN8Zha— xer0dayz (@xer0dayz) June 24, 2018

• When trying to backup an android app without root privileges for vulnerabilities, you need to know the package name but you don't have access to the /data directory. Run --> aapt dump badging abc.ap

• https://twitter.com/Hacker0x01/status/1229869424628420608 - AndroidHackingMonth

• #bugbounty Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields. Payout: $4,500!

• #BugBountyTip this helped me alot: In case a program has an Android/IOS app, extract endpoints and add those to your wordlists before running directory bruteforce on the subdomains list. You'll be surprised to see the results