Lect_8 - Deekshith19/Android_Security GitHub Wiki

9.ACCESS CONTROL ISSUES - PART 1

We explore the application by entering values in the search EditText field

image

by pressing view API CREDENTIALS

image

Our aim is without any userinteraction we need acces that API CREDENTIALS

When we open the adb logcat and click on the button, we can find the activity name. Command

logcat | grep -i “APICredActivity”

image

So we run the following command:

adb shell am start –n jakhar.aseem.diva/.APICredsActivity

and confirm that when we run the following command with the device on the screen with the button.And it automatically shows the screen with the credentials without restrictions, like we had pressed the button.