{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
To confirm if the application was built on the React Native framework, follow these steps:

- Rename the APK file with a zip extension and extract it to a new folder using the commands `cp com.example.apk example-apk.zip` and `unzip -qq example-apk.zip -d ReactNative`.
- Navigate to the newly created `ReactNative` folder and locate the `assets` folder. Inside this folder, you should find the file `index.android.bundle`, which contains the React JavaScript in a minified format.
- Use the command `find . -print | grep -i ".bundle$"` to search for the JavaScript file.

To further analyze the JavaScript code, create a file named `index.html` in the same directory with the following code:

```html
<script src="./index.android.bundle"></script>
```

You can upload the file to https://spaceraccoon.github.io/webpack-exploder/ or follow these steps:

- Open the `index.html` file in Google Chrome.
- Open the Developer Toolbar by pressing Command+Option+J for OS X or Control+Shift+J for Windows.
- Click on "Sources" in the Developer Toolbar. You should see a JavaScript file that is split into folders and files, making up the main bundle.

If you find a file called `index.android.bundle.map`, you will be able to analyze the source code in an unminified format. Map files contain source mappings, which let you map minified identifiers back to their original names.

To search for sensitive credentials and endpoints, follow these steps:

- Identify sensitive keywords to search for in the JavaScript code. React Native applications often use third-party services such as Firebase and AWS S3, so look for service endpoints, private keys and similar values.
- In this specific case, the application was observed to be using the Dialogflow service. Search for a pattern related to its configuration.
- Fortunately, sensitive hard-coded credentials were found in the JavaScript code during the recon process.
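
The same keyword search, written as a pre-release audit of your own build (an added example, not part of the original page): the pattern list, function names and sample values are assumptions constructed here. It uses `grep -o` because a minified bundle is usually one very long line, so printing whole matching lines is useless.

```shell
#!/usr/bin/env bash
# Added example: flag hard-coded secrets and service endpoints in an
# extracted React Native bundle (e.g. ReactNative/assets/index.android.bundle).

# label|extended-regex pairs for widely documented credential/endpoint formats
PATTERNS='aws_access_key_id|AKIA[0-9A-Z]{16}
google_api_key|AIza[0-9A-Za-z_-]{35}
pem_private_key|-----BEGIN [A-Z ]*PRIVATE KEY-----
gcp_service_account|[a-z0-9-]+@[a-z0-9-]+\.iam\.gserviceaccount\.com
firebase_db_url|https://[a-z0-9-]+\.firebaseio\.com
s3_endpoint|[a-z0-9.-]+\.s3[.-]([a-z0-9-]+\.)?amazonaws\.com'

# scan_bundle <file>: print "label<TAB>match" once per unique hit
scan_bundle() {
  local file=$1 label regex m
  while IFS='|' read -r label regex; do
    # -a: treat the file as text, -o: print only the matched part,
    # -e: needed because one pattern starts with dashes
    { grep -aoE -e "$regex" "$file" || true; } | sort -u |
      while IFS= read -r m; do printf '%s\t%s\n' "$label" "$m"; done
  done <<EOF
$PATTERNS
EOF
}

# audit_bundle <file>: CI-style gate, returns 1 and lists hits if any exist
audit_bundle() {
  local hits
  hits=$(scan_bundle "$1")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample standing in for a minified bundle (all values are fake;
# the AWS key is the placeholder used in AWS documentation)
make_sample() {
  printf '%s' 'var a={k:"AKIAIOSFODNN7EXAMPLE",db:"https://example-app.firebaseio.com",e:"bot@example-proj.iam.gserviceaccount.com"};var b=1;' > "$1"
}
```

Run `audit_bundle ReactNative/assets/index.android.bundle` after extracting the APK; any hit is a value that ships to every device and should be moved server-side or rotated.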