Welcome to BugBazaar, your gateway to mastering Mobile penetration testing on the Android platform!
BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than 10 modules and features, each replicating real-world functions and the vulnerabilities surrounding them.
We've bundled 30+ vulnerabilities into a single application, saving you from downloading multiple apps to learn about mobile application pentesting. We've packed a lot into one.
Whether you're a security enthusiast, developer, beginner exploring the mobile pentesting arena, or a professional looking to hone your skills, BugBazaar has something for everyone on the mobile pentesting learning curve.
BugBazaar offers a wide range of vulnerabilities, from "RCE through insecure Dynamic Code Loading" to "One Click Account Takeover via deeplink." We cover "intent Spoofing" to "SQLite db injection," "WebView" bugs to "IPC" misconfigurations in Android — we've got a lot of things covered.
What's more exciting? Stay in sync with the evolving landscape! BugBazaar regularly updates with fresh vulnerabilities and captivating challenges. Stay vigilant, stay ahead! Get Started Today!
- Opening arbitrary URLs in the webview
- XSS
- OPEN REDIRECTION
- Account Takeover via Stealing Session ID (Host validation bypass)
- Stealing User token Via JavaScriptInterface class
- Access of Arbitrary files via insecure Flags
- Note: Only exploitable until API level 28
- Stealing of Arbitrary files via Insecure
WebResourceResponse
- Intent interception
- Account takeover via intent Spoofing
- Steal User's Contact via Insecure Pending Intent
- RCE through insecure Dynamic Code Loading
- CSRF to add the product to cart
- Deep link hijacking to load URLs in webview
- Content Spoofing on Offers activity
- Exported Components
- Steal User's Contact via typo permission in Content Provider
- Insecure broadcast receiver
- Access to Protected Components via broadcast Receiver
- Insecure services
- Fragment injection in Refer-Us
- SQL Injection via user input in My order
- Content Provider SQL Injection in Address
- Data insertion via insecure Content Provider in Address
- Copy/Paste buffer Caching
- Application backgrounding
- Insecure Logging (logging user creds
- Unencrypted database
- Man in the Disk Attack
- Storing sensitive info in SharedPref
- Hardcoded secrets
- Improper Input Validation
- Unrestricted file upload
- Misconfigured firebase's firestore
- Passcode Bypass
- Tapjacking
- Improper exception Handling
- Debuggable application
- Backup enabled
- Task Hijacking
- Improper cache handling
- Runtime code modification
- Login pin bypass via Frida/Objection
- EASY LEVEL:
- RootBear Library
- MEDIUM LEVEL:
- Magisk detect
- Emulator Check
- FRIDA DETECTION
- ADVANCE LEVEL -
⚠️ IN PROGRESS WILL UPDATE IN UPCOMING Release⚠️
| Amit Kumar Prajapat | Lead Security Consultant at Payatu- Mobile | GitHub | ||
| Vedant Wayal | Senior Security Consultant at Payatu - Mobile | GitHub | ||
| Akshay Khilari | Security Consultant at Payatu- Mobile | GitHub |
