OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

5c - Create Information Gathering (Dynamic Instrumentation) #1364

Open cpholguera opened 4 years ago

cpholguera commented 4 years ago

Create Tampering and RI -> Dynamic Instrumentation -> Information gathering

after "Tampering and RI -> Dynamic Instrumentation -> Tooling"

##### Information Gathering
###### Getting Loaded Libraries
###### Getting Loaded Classes and their Methods
###### Getting Runtime Dependencies

This section is intended to show a couple of cases where you can apply dynamic analysis for Information Gathering and present some of the things you can retrieve.

sushi2k commented 4 years ago

r2frida should be added with an example in "###### Getting Loaded Libraries" besides Process.enumerateModules() in Frida.

https://github.com/enovella/r2frida-wiki/blob/master/README.md