Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jaiswalakshansh/Vuldroid

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code
https://github.com/jaiswalakshansh/Vuldroid

android-application android-security application-security deeplink vulnerable-application webview-xss

Last synced: about 1 month ago
JSON representation

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

Awesome Lists containing this project

README 

        

# Vuldroid

	

  ![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg) ![supports Android](https://img.shields.io/badge/Android-4630EB.svg?style=flat-square&logo=ANDROID&labelColor=A4C639&logoColor=fff)
  



Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code.






## Vulnerabilities Covered:

- Code Execution via Malicious App

- Steal Files via Webview using XHR request

- Steal Files using Fileprovider via Intents

- Steal Password ResetTokens/MagicLoginLinks

- Webview Xss via Exported Activity

- Webview Xss via DeepLink

- Intent Sniffing Between Two Applications

- Reading User Email via Broadcasts



## To Get started:

 - Install the APK from the [repository](https://github.com/jaiswalakshansh/Vuldroid/blob/master/Apks/Vuldroid.apk?raw=true) and play around

 - Find the areas where you think this can be exploited

 - I have also written a [blog](https://medium.com/@akshanshjaiswal/vuldroid-app-walkthrough-8f8e4511cad5?sk=45daf0e7fcf7de3f6a92fe8574c070a9) that you can refer as walkthrough but make sure you try yourself first

 - If you want to use your own firebase project for authentication clone the repo and remove the google-services.json and add your project one.