Posts

Showing posts from December, 2021

SQL Injection Attacks | Shahul Hameed

Lab 1: SQL injection UNION attack, determining the number of columns returned by the query

Introduction

This lab contains an SQL injection vulnerability in the product category filter. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables. The first step of such an attack is to determine the number of columns that are being returned by the query. You will then use this technique in subsequent labs to construct the full attack.

To solve the lab, determine the number of columns returned by the query by performing an SQL injection UNION attack that returns an additional row containing null values.

Solutions:

Use Burp Suite to intercept and modify the request that sets the product category filter.
Modify the category parameter, giving it the value '+UNION+SELECT+NULL--. Observe that an error occurs.
Modify the category parameter to add an additional column containi

How to bypass SSL pinning of android applications using FRIDA framework. | Shahul Hameed

Introduction

The Frida framework can be used to bypass SSL pinning in an Android application so that its traffic can be intercepted in Burp Suite for testing purposes.

Required tools:
     1. Appie - ADB
     2. Genymotion
     3. Python (v3.9.9)

Step 1: Configure the Genymotion emulator device (the device configuration below is preferred).

Step 2: Download and install Python on your system.
Link: https://www.python.org/downloads/windows/

To check the Python version on your system:
CMD: python --version

We need to install some Python packages for the Frida server. To do this, enter the following commands in the terminal:
    python -m pip install Frida
    python -m pip install objection
    python -m pip install frida-tools

Or, as I prefer, the commands below:
    pip install Frida
    pip install objection
    pip install frida-tools

Step 3: Download the fridascript.js file and place it in the directory below.
Link: https://codeshare.frida.re/@pcipolloni/universal-android-ssl-pinning-bypass-with-frida/

Step 4: Connect device

Android PentesterLab06 - Reverse Engineering apk application | Shahul Hameed

How to reverse engineer an Android application

Required tools:
     1. JAD
     2. DEX2JAR
     3. 7-Zip

Note: Put your APK and all the tools in a single folder (for easy access).

Step 1: Redirect the command prompt directly.

Step 2: Convert DEX to JAR using the dex2jar tool. Now we have the extracted file.

Step 3: Extract the JAR file using the 7-Zip tool. Choose the files you require and copy them to your local disk. Now we have class files, but we can't edit them, so next we have to convert the class files into Java using the JAD tool.

Step 4: Convert the class file to a Java file. Use any online Java compiler to execute the code below.

Note: Take the secret key from the a.java and MessageActivity.java source code.

    import java.util.Base64;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    public class Main {
        public static void main(String[] args) {
            try