Commit

Update techniques/android/MASTG-TECH-0022.md
cpholguera authored Dec 8, 2024
1 parent f372110 commit 0d87dcb
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion techniques/android/MASTG-TECH-0022.md
Expand Up @@ -5,7 +5,9 @@ platform: android

Most of the apps you might encounter connect to remote endpoints. Even before you perform any dynamic analysis (e.g. traffic capture and analysis), you can obtain some initial inputs or entry points by enumerating the domains to which the application is supposed to communicate to.

Typically these domains will be present as strings within the binary of the application. One way to achieve this is by using automated tools such as @MASTG-TOOL-0121 or @MASTG-TOOL-0035. Alternatively, you can _grep_ for the domain names by using regular expressions. For this you can target the app binary directly or reverse engineer it and target the disassembled or decompiled code. The latter option has a clear advantage: it can provide you with **context**, as you'll be able to see in which context each domain is being used (e.g. class and method).
Typically, these domains will be present as strings within the binary of the application. One way to do this is to use automated tools such as @MASTG-TOOL-0125 or @MASTG-TOOL-0035.

Alternatively, you can _grep_ for the domain names using regular expressions. To do this, you can target the app binary directly, or reverse engineer it and target the disassembled or decompiled code. The latter option has a clear advantage: it can provide you with **context**, as you'll be able to see in which context each domain is used (e.g. class and method).

From here on you can use this information to derive more insights which might be of use later during your analysis, e.g. you could match the domains to the pinned certificates or the [Network Security Configuration](../../Document/0x05g-Testing-Network-Communication.md#android-network-security-configuration) file or perform further reconnaissance on domain names to know more about the target environment. When evaluating an application it is important to check the Network Security Configuration file, as often (less secure) debug configurations might be pushed into final release builds by mistake.
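
Review bot: The tool reference in the rewritten second paragraph changes from @MASTG-TOOL-0121 to @MASTG-TOOL-0125, while the commit message only says "Update techniques/android/MASTG-TECH-0022.md" and every other edit in the hunk is wording or the paragraph split. Please confirm that 0125 is the intended tool and mention the swap in the commit message, so it is not mistaken for a typo introduced during the rewording. A smaller point on the same added line: "One way to do this" follows a sentence that states where the domains are found rather than an action, so "this" has nothing to refer to within the paragraph; something like "One way to enumerate them is to use automated tools such as ..." would read more clearly.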

