maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/mobile-pentesting/android-app-pentesting/react-native-application.md

40 lines
2.3 KiB
Markdown
Raw Blame History

{{#include ../../banners/hacktricks-training.md}}
# Uchambuzi wa Programu ya React Native
Ili kuthibitisha kama programu ilijengwa kwenye mfumo wa React Native, fuata hatua hizi:
1. Badilisha jina la faili la APK kuwa na kiambishi cha zip na uondoe kwenye folda mpya kwa kutumia amri `cp com.example.apk example-apk.zip` na `unzip -qq example-apk.zip -d ReactNative`.
2. Tembea kwenye folda mpya iliyoundwa ya ReactNative na pata folda ya mali. Ndani ya folda hii, unapaswa kupata faili `index.android.bundle`, ambayo ina React JavaScript katika muundo wa minified.
3. Tumia amri `find . -print | grep -i ".bundle$"` kutafuta faili la JavaScript.
Ili kuchambua zaidi msimbo wa JavaScript, tengeneza faili lililo na jina `index.html` katika saraka hiyo hiyo lenye msimbo ufuatao:
```html
<script src="./index.android.bundle"></script>
```
Unaweza kupakia faili kwenye [https://spaceraccoon.github.io/webpack-exploder/](https://spaceraccoon.github.io/webpack-exploder/) au fuata hatua hizi:
1. Fungua faili la `index.html` kwenye Google Chrome.
2. Fungua Toolbar ya Developer kwa kubonyeza **Command+Option+J kwa OS X** au **Control+Shift+J kwa Windows**.
3. Bonyeza "Sources" kwenye Toolbar ya Developer. Unapaswa kuona faili la JavaScript ambalo limegawanywa katika folda na faili, likiunda bundle kuu.
Ikiwa utapata faili inayoitwa `index.android.bundle.map`, utaweza kuchambua msimbo wa chanzo katika muundo usio na minified. Faili za ramani zina ramani ya chanzo, ambayo inakuwezesha kubaini vitambulisho vilivyopunguzwa.
Ili kutafuta akidi nyeti na mwisho, fuata hatua hizi:
1. Tambua maneno muhimu nyeti ili kuchambua msimbo wa JavaScript. Programu za React Native mara nyingi hutumia huduma za watu wengine kama Firebase, AWS S3 service endpoints, funguo za kibinafsi, nk.
2. Katika kesi hii maalum, programu ilionekana kutumia huduma ya Dialogflow. Tafuta muundo unaohusiana na usanidi wake.
3. Ilikuwa na bahati kwamba akidi nyeti zilizowekwa kwa mikono zilipatikana katika msimbo wa JavaScript wakati wa mchakato wa recon.
## Marejeleo
- [https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7](https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7)
{{#include ../../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink