API BFLA in Android
In this lab environment, you will get access to a Debian machine, which has all the required tools installed on it for this lab, along with an Android emulator. To start the Android emulator, run the "startemulator.sh" script present at "Desktop."
Objective: Identify and exploit a Broken Function Level Authorization (BFLA) vulnerability.
The following Android application can be useful:
NovaTech.apk: Intentionally vulnerable Android application. (Pre-installed on the emulator).
The following credentials can be useful:
Username: alice
Password: pass

The first thing we do is start the Android emulator and log in with those credentials, which gives us:

We have logged into the user profile of "Alice," where we can view the associated user data and account details.
Click on the "Dashboard" button.

We are presented with the user dashboard overview. Here we can see some more user details.

Open a new terminal, check the system IP, and point the Android device's global HTTP proxy at that IP address.

```bash
## Show our IP address
ip addr
## Set the device proxy to our IP (Burp listens on 8080)
adb shell settings put global http_proxy <IP>:8080
```

Now configure the Burp proxy listener:


With that, we can see the proxy is working correctly. Now intercept the "Dashboard" requests:

We can manipulate the user_id parameter in the intercepted request and see other users' information (IDOR).
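To show why the user_id trick works and what the fix looks like, here is an added example (not code from the lab or the NovaTech app): a dashboard handler that trusts the client's user_id beside a hardened one with the object-level check, a function-level check of the kind the lab's BFLA objective refers to, and a log check that flags sessions enumerating user_ids. The endpoint path, roles, user store and log format are assumptions.

```python
# Added example, not code from the lab or the NovaTech app: a dashboard handler that
# trusts the client's user_id beside a hardened one, plus a log check for enumeration.
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample user store and roles; the real NovaTech backend is not shown.
USERS = {
    1: {"username": "alice", "email": "alice@example.test"},
    2: {"username": "bob", "email": "bob@example.test"},
}

@dataclass(frozen=True)
class Session:
    user_id: int
    role: str  # assumed roles: "user" or "admin"

def dashboard_vulnerable(session, requested_user_id):
    # Uses the client-supplied user_id as-is: any logged-in user reads any profile.
    return USERS[requested_user_id]

def dashboard_fixed(session, requested_user_id):
    # Object-level check: the id must be the caller's own unless the role allows more.
    if requested_user_id != session.user_id and session.role != "admin":
        raise PermissionError("user_id does not belong to this session")
    return USERS[requested_user_id]

def admin_list_users(session):
    # Function-level check: the operation itself needs the role, not just a login.
    if session.role != "admin":
        raise PermissionError("admin role required")
    return sorted(USERS)
LOG_RE = re.compile(r"session=(\S+).*?user_id=(\d+)")

def enumerating_sessions(log_lines, threshold=3):
    # A user's own dashboard asks for one user_id; a session requesting many
    # distinct ids is the probing pattern worth alerting on.
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    return {s: sorted(ids) for s, ids in seen.items() if len(ids) >= threshold}

# Constructed access-log lines (not from the lab) in the assumed format.
SAMPLE_LOG = ["GET /api/dashboard session=s1 user_id=1",
              "GET /api/dashboard session=s2 user_id=2",
              "GET /api/dashboard session=s2 user_id=1",
              "GET /api/dashboard session=s2 user_id=3"]
```

Running `enumerating_sessions(SAMPLE_LOG)` flags only session s2, which requested three different user_ids.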
