mobile-app-security-testing

📁 ed1s0nz/cyberstrikeai 📅 7 days ago

总安装量

周安装量

#30054

全站排名

安装命令

npx skills add https://github.com/ed1s0nz/cyberstrikeai --skill mobile-app-security-testing

Agent 安装分布

amp 1

opencode 1

kimi-cli 1

codex 1

github-copilot 1

codebuddy 1

Skill 文档

ç§»å¨åºç¨å®å¨æµè¯

æ¦è¿°

æµè¯èå´

1. åºç¨å®å¨

æ£æ¥é¡¹ç®ï¼

ä»£ç æ··æ·
åç¼è¯é²æ¤
è°è¯é²æ¤
è¯ä¹¦ç»å®

2. æ°æ®å®å¨

æ£æ¥é¡¹ç®ï¼

æ°æ®å å¯
å¯é¥ç®¡ç
æææ°æ®åå¨
æ°æ®ä¼ è¾

3. è®¤è¯ææ

æ£æ¥é¡¹ç®ï¼

è®¤è¯æºå¶
Tokenç®¡ç
çç©è¯å«
ä¼è¯ç®¡ç

4. éä¿¡å®å¨

æ£æ¥é¡¹ç®ï¼

TLS/SSLéç½®
è¯ä¹¦éªè¯
APIå®å¨
ä¸é´äººæ»å»é²æ¤

Androidå®å¨æµè¯

éæåæ

ä½¿ç¨APKToolï¼

# åç¼è¯APK
apktool d app.apk

# æ¥çAndroidManifest.xml
cat app/AndroidManifest.xml

# æ¥çSmaliä»£ç 
find app/smali -name "*.smali"

ä½¿ç¨Jadxï¼

# åç¼è¯APK
jadx -d output app.apk

# æ¥çJavaæºç 
find output -name "*.java"

ä½¿ç¨MobSFï¼

# å¯å¨MobSF
docker run -it -p 8000:8000 opensecurity/mobsf

# ä¸ä¼ APKè¿è¡åæ
# è®¿é® http://localhost:8000

å¨æåæ

ä½¿ç¨Fridaï¼

// Hookå½æ°
Java.perform(function() {
    var MainActivity = Java.use("com.example.MainActivity");
    MainActivity.onCreate.implementation = function(savedInstanceState) {
        console.log("[*] onCreate called");
        this.onCreate(savedInstanceState);
    };
});

ä½¿ç¨Objectionï¼

# å¯å¨Objection
objection -g com.example.app explore

# Hookå½æ°
android hooking watch class_method com.example.MainActivity.onCreate

ä½¿ç¨Burp Suiteï¼

# éç½®ä»£ç
# Androidè®¾ç½®ä»£çæåBurp Suite
# å®è£Burpè¯ä¹¦

å¸¸è§æ¼æ´

ç¡¬ç¼ç å¯é¥ï¼

// ä¸å®å¨çä»£ç 
String apiKey = "1234567890abcdef";
String password = "admin123";

ä¸å®å¨çåå¨ï¼

// SharedPreferencesåå¨æææ°æ®
SharedPreferences prefs = getSharedPreferences("data", MODE_WORLD_READABLE);
prefs.edit().putString("password", password).apply();

è¯ä¹¦éªè¯ç»è¿ï¼

// ä¸éªè¯è¯ä¹¦
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() { return null; }
        public void checkClientTrusted(X509Certificate[] certs, String authType) { }
        public void checkServerTrusted(X509Certificate[] certs, String authType) { }
    }
};

iOSå®å¨æµè¯

éæåæ

ä½¿ç¨class-dumpï¼

# å¯¼åºå¤´æä»¶
class-dump app.ipa

# æ¥çå¤´æä»¶
find app -name "*.h"

ä½¿ç¨Hopperï¼

# ä½¿ç¨Hopperåæ±ç¼
# æå¼appäºè¿å¶æä»¶
# åææ±ç¼ä»£ç

ä½¿ç¨otoolï¼

# æ¥çMach-Oä¿¡æ¯
otool -L app

# æ¥çåç¬¦ä¸²
strings app | grep -i "password\|key\|secret"

å¨æåæ

ä½¿ç¨Fridaï¼

// Hook Objective-Cæ¹æ³
var className = ObjC.classes.ViewController;
var method = className['- login:password:'];
Interceptor.attach(method.implementation, {
    onEnter: function(args) {
        console.log("[*] Login called");
        console.log("Username: " + ObjC.Object(args[2]).toString());
        console.log("Password: " + ObjC.Object(args[3]).toString());
    }
});

ä½¿ç¨Cycriptï¼

# éå å°è¿ç¨
cycript -p app

# æ§è¡å½ä»¤
[UIApplication sharedApplication]

å¸¸è§æ¼æ´

ç¡¬ç¼ç å¯é¥ï¼

// ä¸å®å¨çä»£ç 
NSString *apiKey = @"1234567890abcdef";
NSString *password = @"admin123";

ä¸å®å¨çåå¨ï¼

// Keychainåå¨ä¸å½
NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
[defaults setObject:password forKey:@"password"];

è¯ä¹¦éªè¯ç»è¿ï¼

// ä¸éªè¯è¯ä¹¦
- (void)connection:(NSURLConnection *)connection 
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] 
          forAuthenticationChallenge:challenge];
}

å·¥å·ä½¿ç¨

MobSF

# å¯å¨MobSF
docker run -it -p 8000:8000 opensecurity/mobsf

# ä¸ä¼ åºç¨è¿è¡åæ
# æ¯æAndroidåiOS

Frida

# å®è£Frida
pip install frida-tools

# è¿è¡èæ¬
frida -U -f com.example.app -l script.js

Objection

# å®è£Objection
pip install objection

# å¯å¨Objection
objection -g com.example.app explore

Burp Suite

éç½®ä»£çï¼

éç½®Burp Suiteçå¬å¨
ç§»å¨è®¾å¤è®¾ç½®ä»£ç
å®è£Burpè¯ä¹¦
æ¦æªååææµé

æµè¯æ¸å

åºç¨å®å¨

ä»£ç æ··æ·æ£æ¥
åç¼è¯é²æ¤
è°è¯é²æ¤
è¯ä¹¦ç»å®

æ°æ®å®å¨

æ°æ®å å¯æ£æ¥
å¯é¥ç®¡ç
æææ°æ®åå¨
æ°æ®ä¼ è¾å®å¨

è®¤è¯ææ

è®¤è¯æºå¶æµè¯
Tokenç®¡ç
ä¼è¯ç®¡ç
çç©è¯å«

éä¿¡å®å¨

TLS/SSLéç½®
è¯ä¹¦éªè¯
APIå®å¨æµè¯
ä¸é´äººæ»å»é²æ¤

å¸¸è§å®å¨é®é¢

1. ç¡¬ç¼ç å¯é¥

é®é¢ï¼

APIå¯é¥ç¡¬ç¼ç
å¯ç ç¡¬ç¼ç
å å¯å¯é¥ç¡¬ç¼ç

ä¿®å¤ï¼

ä½¿ç¨å¯é¥ç®¡çæå¡
ä½¿ç¨ç¯å¢åé
ä½¿ç¨å®å¨åå¨

2. ä¸å®å¨çåå¨

é®é¢ï¼

ææåå¨æææ°æ®
ä½¿ç¨ä¸å®å¨çåå¨æ¹å¼
æ°æ®æªå å¯

ä¿®å¤ï¼

ä½¿ç¨å å¯åå¨
ä½¿ç¨Keychain/Keystore
å®æ½æ°æ®å å¯

3. è¯ä¹¦éªè¯ç»è¿

é®é¢ï¼

ä¸éªè¯SSLè¯ä¹¦
æ¥åèªç¾åè¯ä¹¦
è¯ä¹¦åºå®æªå®æ½

ä¿®å¤ï¼

å®æ½è¯ä¹¦åºå®
éªè¯è¯ä¹¦é¾
ä½¿ç¨ç³»ç»è¯ä¹¦åå¨

4. è°è¯ä¿¡æ¯æ³é²

é®é¢ï¼

æ¥å¿åå«ææä¿¡æ¯
éè¯¯ä¿¡æ¯æ³é²
è°è¯æ¨¡å¼æªç¦ç¨

ä¿®å¤ï¼

ç§»é¤è°è¯ä»£ç
éå¶æ¥å¿è¾åº
çäº§ç¯å¢ç¦ç¨è°è¯

æä½³å®è·µ

1. ä»£ç å®å¨

å®æ½ä»£ç æ··æ·
ç¦ç¨è°è¯åè½
å®æ½åè°è¯ä¿æ¤
ä½¿ç¨è¯ä¹¦ç»å®

2. æ°æ®å®å¨

å å¯æææ°æ®
ä½¿ç¨å®å¨åå¨
å®æ½å¯é¥ç®¡ç
éå¶æ°æ®è®¿é®

3. éä¿¡å®å¨

ä½¿ç¨TLS/SSL
å®æ½è¯ä¹¦åºå®
éªè¯æå¡å¨è¯ä¹¦
ä½¿ç¨å®å¨API

4. è®¤è¯å®å¨

å®æ½å¼ºè®¤è¯
å®å¨Tokenç®¡ç
å®æ½ä¼è¯ç®¡ç
ä½¿ç¨çç©è¯å«

æ³¨æäºé¡¹

ä»å¨ææç¯å¢ä¸è¿è¡æµè¯
éµå®æ³å¾æ³è§
æ³¨æä¸åå¹³å°çå·®å¼
ä¿æ¤ç¨æ·éç§

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台

mobile-app-security-testing

Agent 安装分布

Skill 文档

ç§»å¨åºç¨å®å ¨æµè¯

æ¦è¿°

æµè¯èå´

1. åºç¨å®å ¨

2. æ°æ®å®å ¨

3. è®¤è¯ææ

4. éä¿¡å®å ¨

Androidå®å ¨æµè¯

éæåæ

å¨æåæ

å¸¸è§æ¼æ´

iOSå®å ¨æµè¯

éæåæ

å¨æåæ

å¸¸è§æ¼æ´

å·¥å ·ä½¿ç¨

MobSF

Frida

Objection

Burp Suite

æµè¯æ¸ å

åºç¨å®å ¨

æ°æ®å®å ¨

è®¤è¯ææ

éä¿¡å®å ¨

å¸¸è§å®å ¨é®é¢

1. ç¡¬ç¼ç å¯é¥

2. ä¸å®å ¨çå­å¨

3. è¯ä¹¦éªè¯ç»è¿

4. è°è¯ä¿¡æ¯æ³é²

æä½³å®è·µ

1. ä»£ç å®å ¨

2. æ°æ®å®å ¨

3. éä¿¡å®å ¨

4. è®¤è¯å®å ¨

æ³¨æäºé¡¹

ç§»å¨åºç¨å®å¨æµè¯

æ¦è¿°

æµè¯èå´

1. åºç¨å®å¨

2. æ°æ®å®å¨

3. è®¤è¯ææ

4. éä¿¡å®å¨

Androidå®å¨æµè¯

éæåæ

å¨æåæ

å¸¸è§æ¼æ´

iOSå®å¨æµè¯

éæåæ

å¨æåæ

å¸¸è§æ¼æ´

å·¥å·ä½¿ç¨

æµè¯æ¸å

åºç¨å®å¨

æ°æ®å®å¨

è®¤è¯ææ

éä¿¡å®å¨

å¸¸è§å®å¨é®é¢

1. ç¡¬ç¼ç å¯é¥

2. ä¸å®å¨çåå¨

3. è¯ä¹¦éªè¯ç»è¿

4. è°è¯ä¿¡æ¯æ³é²

æä½³å®è·µ

1. ä»£ç å®å¨

2. æ°æ®å®å¨

3. éä¿¡å®å¨

4. è®¤è¯å®å¨

æ³¨æäºé¡¹