mirror of
https://github.com/stulle123/kakaotalk_analysis.git
synced 2025-02-06 15:05:47 +00:00
Finish README.md
This commit is contained in:
parent
b3b3537340
commit
ec2190cd92
30
README.md
|
@ -1,29 +1,19 @@
|
||||||
# Kakaotalk 10.3.7 Analysis
|
# Kakaotalk 10.4.3 Security Analysis
|
||||||
|
|
||||||
- [Setup](#setup)
|
|
||||||
- [Recon](#recon)
|
|
||||||
- [Findings](#findings)
|
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
|
||||||
See [here](SETUP.md).
|
[My setup used to analyze the KakaoTalk Android app](SETUP.md).
|
||||||
|
|
||||||
## Recon
|
## Recon
|
||||||
|
|
||||||
See [here](RECON.md).
|
- [General recon notes](RECON.md).
|
||||||
|
- [WebView recon](./recon/webview/WEBVIEW.md).
|
||||||
|
|
||||||
|
## Scripts
|
||||||
|
|
||||||
|
Frida and mitmproxy scripts are [here](./scripts/).
|
||||||
|
|
||||||
## Findings
|
## Findings
|
||||||
|
|
||||||
### TO-DOs
|
- [Steal another user's chat messages](ACCOUNT_TAKEOVER.md)
|
||||||
|
- [Secret Chat findings](SECRET_CHAT.md)
|
||||||
- Find a proxy Activity to start `MyProfileSettingsActivity` -> steal token
|
|
||||||
- Find a `setResult()` call to access `content://com.kakao.talk.FileProvider`
|
|
||||||
- Test Secret Chat interception with `mitmproxy` script
|
|
||||||
* Use value from `pt` field to compute the nonce
|
|
||||||
* Does a warning pop up?
|
|
||||||
* What about the master secret?
|
|
||||||
- Test CFB bit flipping
|
|
||||||
- Create a `Plus Friend` or `Kakao Business` page or an `Open Chat Room` to deliver malicious JS
|
|
||||||
- Connect with Sergey Toshin
|
|
||||||
- Check out https://github.com/oversecured/ovaa
|
|
||||||
- I can load URLs in `CommerceShopperWebViewActivity` and `KGPopupActivity` -> check for vulns
|
|
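Review bot: the table of contents kept as unchanged context (`- [Setup](#setup)`, `- [Recon](#recon)`, `- [Findings](#findings)`) is not updated for the new `## Scripts` section, so the anchor list no longer matches the headings; add `- [Scripts](#scripts)` between the Recon and Findings entries. The hunk also drops the entire `### TO-DOs` list (the proxy Activity / `setResult()` items, the Secret Chat `mitmproxy` interception questions, the CFB bit-flipping test and the WebView checks) instead of moving it; if any of those are still open, carry them into ACCOUNT_TAKEOVER.md or SECRET_CHAT.md, or an issue, so the research state is not lost. Finally, the title is bumped from 10.3.7 to 10.4.3 while SETUP.md and RECON.md are unchanged in this commit; confirm that the relative links (`SETUP.md`, `RECON.md`, `./recon/webview/WEBVIEW.md`, `./scripts/`, `ACCOUNT_TAKEOVER.md`, `SECRET_CHAT.md`) all resolve and that the linked notes state which app version they describe.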