Help needed.Google access token

streaak / keyhacks

Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.

4.86k stars 1.01k forks source link

Closed sajalnew closed 5 years ago

sajalnew commented 5 years ago

I found google client id and client secret hardcoded in android app in a BB program.How can confirm/show that the client secret and id are working?

showhidebot commented 5 years ago

003random commented 5 years ago

I think you need a fancier POC, if you really want to prove impact tho. Here, thy this: https://jsfiddle.net/4a7L21hu/