Shared Preferences
Android provides many ways of storing data of an application.
One of this way is called Shared Preferences. Shared Preferences allow you to save and retrieve data in the form of name,value pair.
I will be using Appuse which is a vm developed for Android Application Penetration Testing.
Im using Sieve application.
Steps for Insecure Data Storage shared preferences database:
1.Get the package name from androidmanifest.xml file of the app.
To get package name of an app use the command
apktool d app_name.apk
2.Open the terminal and enter adb shell.
3.su root.
4.cd data/data/
5.Enter into the directory of the app using the package name.
6.cd package_name.
7.Enter ls
8.Enter into the directory with name shared preferences.
9.Enter ls to view the files in the directory.
10.Open a new terminal.
11.Copy the file from android to your linux with command
adb pull data/data/package_name/Shared_Pref/file_name
12.Open the file in your linux.
13.Search for sensitive data stored in the file.
15.It can include usernames and passwords.
Android provides many ways of storing data of an application.
One of this way is called Shared Preferences. Shared Preferences allow you to save and retrieve data in the form of name,value pair.
I will be using Appuse which is a vm developed for Android Application Penetration Testing.
Im using Sieve application.
Steps for Insecure Data Storage shared preferences database:
1.Get the package name from androidmanifest.xml file of the app.
To get package name of an app use the command
apktool d app_name.apk
2.Open the terminal and enter adb shell.
3.su root.
4.cd data/data/
5.Enter into the directory of the app using the package name.
6.cd package_name.
7.Enter ls
8.Enter into the directory with name shared preferences.
9.Enter ls to view the files in the directory.
10.Open a new terminal.
11.Copy the file from android to your linux with command
adb pull data/data/package_name/Shared_Pref/file_name
12.Open the file in your linux.
13.Search for sensitive data stored in the file.
15.It can include usernames and passwords.
No comments:
Post a Comment