Detect CWE-295 in Android Application (InsecureShop.apk)
This scenario seeks to find Improper Certificate Validation. See CWE-295 for more details.
Let’s use this APK and the above APIs to show how the Quark script finds this vulnerability.
We use the API findMethodInAPK to locate all SslErrorHandler.proceed methods. Then we need to identify whether the method WebViewClient.onReceivedSslError is overridden by its subclass.
First, we check and make sure that the MethodInstance.name is onReceivedSslError, and the MethodInstance.descriptor is (Landroid/webkit/WebView; Landroid/webkit/SslErrorHandler; Landroid/net/http/SslError;)V.
Then we use the method API MethodInstance.findSuperclassHierarchy to get the superclass list of the method's caller class.
Finally, we check whether Landroid/webkit/WebViewClient; is on the superclass list. If it is, that may cause a CWE-295 vulnerability.
API Spec
MethodInstance.findSuperclassHierarchy()
Description: Find all superclass hierarchy of this method object.
params: None
Return: Python list containing the names of all superclasses of this method.
Quark Script CWE-295.py
```python
from quark.script import findMethodInAPK

SAMPLE_PATH = "insecureShop.apk"
TARGET_METHOD = [
    "Landroid/webkit/SslErrorHandler;",  # class name
    "proceed",  # method name
    "()V"  # descriptor
]
OVERRIDE_METHOD = [
    "Landroid/webkit/WebViewClient;",  # class name
    "onReceivedSslError",  # method name
    # descriptor
    "(Landroid/webkit/WebView; Landroid/webkit/SslErrorHandler; Landroid/net/http/SslError;)V"
]

for sslProceedCaller in findMethodInAPK(SAMPLE_PATH, TARGET_METHOD):
    if (sslProceedCaller.name == OVERRIDE_METHOD[1]
            and sslProceedCaller.descriptor == OVERRIDE_METHOD[2]
            and OVERRIDE_METHOD[0] in sslProceedCaller.findSuperclassHierarchy()):
        print(f"CWE-295 is detected in method, {sslProceedCaller.fullName}")
```
Quark Script Result
```
$ python3 CWE-295.py
Requested API level 29 is larger than maximum we have, returning API level 28 instead.
CWE-295 is detected in method, Lcom/insecureshop/util/CustomWebViewClient; onReceivedSslError (Landroid/webkit/WebView; Landroid/webkit/SslErrorHandler; Landroid/net/http/SslError;)V
```
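The script's three conditions, reproduced offline as an added example (not part of the original issue or of Quark itself). `FakeMethod`, the `SUPERCLASS` table and the `Lcom/example/...` classes are hypothetical, constructed stand-ins for `MethodInstance` and the APK, chosen to show why the check walks the whole superclass hierarchy and also compares name and descriptor.

```python
from dataclasses import dataclass

WEBVIEW_CLIENT = "Landroid/webkit/WebViewClient;"
OVERRIDE_NAME = "onReceivedSslError"
OVERRIDE_DESC = ("(Landroid/webkit/WebView; Landroid/webkit/SslErrorHandler; "
                 "Landroid/net/http/SslError;)V")

# Constructed class table: class -> direct superclass (None ends the chain).
SUPERCLASS = {
    "Lcom/example/BaseClient;": WEBVIEW_CLIENT,
    "Lcom/example/PinnedClient;": "Lcom/example/BaseClient;",
    "Lcom/example/SslDialog;": "Ljava/lang/Object;",
    WEBVIEW_CLIENT: "Ljava/lang/Object;",
    "Ljava/lang/Object;": None,
}

@dataclass
class FakeMethod:
    """Hypothetical stand-in for the MethodInstance fields the script reads."""
    klass: str
    name: str
    descriptor: str

    def findSuperclassHierarchy(self):
        # Walk upwards from the declaring class, collecting every ancestor.
        chain, parent = [], SUPERCLASS.get(self.klass)
        while parent is not None:
            chain.append(parent)
            parent = SUPERCLASS.get(parent)
        return chain

def is_cwe295(caller):
    """The three conditions from the script, applied to one caller of proceed()."""
    return (caller.name == OVERRIDE_NAME
            and caller.descriptor == OVERRIDE_DESC
            and WEBVIEW_CLIENT in caller.findSuperclassHierarchy())

# Constructed callers of SslErrorHandler.proceed().
CALLERS = [
    FakeMethod("Lcom/example/BaseClient;", OVERRIDE_NAME, OVERRIDE_DESC),    # direct subclass
    FakeMethod("Lcom/example/PinnedClient;", OVERRIDE_NAME, OVERRIDE_DESC),  # indirect subclass
    FakeMethod("Lcom/example/SslDialog;", OVERRIDE_NAME, OVERRIDE_DESC),     # same name, unrelated class
    FakeMethod("Lcom/example/BaseClient;", "acceptAnyway", "()V"),           # helper, not the override
]

def flagged():
    return [m.klass for m in CALLERS if is_cwe295(m)]

if __name__ == "__main__":
    print(flagged())
```

The last constructed caller is skipped because the check looks only at the method that calls `proceed()` directly, so an override that delegates to a helper needs that helper's callers reviewed as well.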