# LAB - API SQLi in Android In this lab environment, you will get access to a Debian machine, which has all the required tools installed on it for this lab, along with an Android emulator. To start the Android emulator, run the "startemulator.sh" script present at "Desktop." **Objective:** Identify and exploit a SQL Injection (SQLi) vulnerability. The following Android application can be useful: * NovaTech.apk: Intentionally vulnerable Android application. (Pre-installed on the emulator). The following credentials can be useful: ``` Username: alice Password: pass ``` ***

After exucte the app, we can see a login panel and we can input credentials to login. Then, we can see a search "Schoolmate" -->

We can to try set a basic SLQi --> ``` %'/**/OR/**/1=1-- ```

But, the app dosent give us nothing response, so... we can try to intercep the traffic with burpsuite and read some content --> #### Configurate Bupsuite Frist, locate us local IP, wit it, go to Wi-Fi device and set the proxy of burpsuite, in this case: 10.138.0.36:8080 (because it is me IP address)

With it, we can up the proxy of burp, and finish to configurate the proxy of burpsite

Now, modify the peticion and set the SQLi -->

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://eldeim.gitbook.io/brain_fuck/notes/certifications/eastereggs/ine-emapt/android-dynamic-testing/lab-api-sqli-in-android.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.