Firebase Cloud Messaging (FCM) is a cross-platform messaging solution that lets you reliably send messages at no cost. Using FCM, you can notify a client app that new email or other data is available to sync. You can send notification messages to drive user re-engagement and retention. For use cases such as instant messaging, a message can transfer a payload of up to 4000 bytes to a client app. attacker could control the content of push notifications to any application that runs the FCM SDK and has it’s FCM server key exposed and send notifications to every single user of the vulnerable application!
- With this Script you will be able to Find Valid Server Keys of the FCM from APK file
- Also it will be able to decode the apk file for you !
- NOTE!: YOU NEED TO INSTALL APKTOOL BEFORE CONTINUING WITH THIS
- This Script will Send Notification by using Server Key with IID token from the client app
$ git clone https://github.com/MazX0p/fcm-takeover.git
$ cd fcm-takeover
$ python3 FcmKf.py
$ pyhton3 FcmPushNotification.py| Name | README |
|---|---|
| APKtool | Apktool/documentation |
| FCM | FCM |
| ME! |
MIT
Free Software, Hell Yeah!