Mirror of https://github.com/stulle123/kakaotalk_analysis.git, synced 2025-02-06 15:05:47 +00:00
Finish README.md
This commit is contained in:
parent: b3b3537340
commit: ec2190cd92
README.md (30 changes)
@ -1,29 +1,19 @@
# Kakaotalk 10.3.7 Analysis
- [Setup](#setup)
- [Recon](#recon)
- [Findings](#findings)
# Kakaotalk 10.4.3 Security Analysis
## Setup
See [here](SETUP.md).
[My setup used to analyze the KakaoTalk Android app](SETUP.md).
## Recon
See [here](RECON.md).
- [General recon notes](RECON.md).
- [WebView recon](./recon/webview/WEBVIEW.md).
## Scripts
Frida and mitmproxy scripts are [here](./scripts/).
## Findings
### TO-DOs
- Find a proxy Activity to start `MyProfileSettingsActivity` -> steal token
- Find a `setResult()` call to access `content://com.kakao.talk.FileProvider`
- Test Secret Chat interception with `mitmproxy` script
* Use value from `pt` field to compute the nonce
* Does a warning pop up?
* What about the master secret?
- Test CFB bit flipping
- Create a `Plus Friend` or `Kakao Business` page or an `Open Chat Room` to deliver malicious JS
- Connect with Sergey Toshin
- Check out https://github.com/oversecured/ovaa
- I can load URLs in `CommerceShopperWebViewActivity` and `KGPopupActivity` -> check for vulns
- [Steal another user's chat messages](ACCOUNT_TAKEOVER.md)
- [Secret Chat findings](SECRET_CHAT.md)
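Review bot: the two result links at the end of the hunk, `- [Steal another user's chat messages](ACCOUNT_TAKEOVER.md)` and `- [Secret Chat findings](SECRET_CHAT.md)`, are placed inside the `### TO-DOs` list, so a reader will take them for pending work rather than the completed findings they link to; suggest moving them up to sit directly under `## Findings`, ahead of the `### TO-DOs` heading, and keeping the open items (proxy Activity for `MyProfileSettingsActivity`, `setResult()` for the `FileProvider`, Secret Chat interception, CFB bit flipping, the WebView Activities) in the TO-DO list alone. Minor: the new title spells the app `Kakaotalk` while the setup line in the same hunk writes `KakaoTalk`; pick one spelling.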