API Endpoint leads to Account Takeover In Android Application

Hello Readers

This is my first blog post about my research into an Android application.

So, let's get started!!!

What is a token in an API?

Tokens are used in token-based authentication to allow an application to access an API. The application receives an Access Token after a user successfully authenticates and authorizes access, then passes the Access Token as a credential when it calls the target API.

"each user having their own token for maintaining authenticity"

For the account takeover we need the user's email.

1 Getting the token for a user via the API endpoint

   Intercept the request for this URL.
   Send the request to Repeater.
   Enter the victim's user id and check the response; it will contain the token.




2 Using the token, what an attacker can do:

An attacker can perform all operations provided in the Android application using this vulnerability.

For example:
   1 update the profile of any user
   2 get the profile of any user
   3 get_payment_history
   4 withdraw_request
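To make the fix concrete, here is an added example (constructed for this post, not the application's real backend code) that puts the flawed token endpoint next to a hardened one that only issues a token after the caller presents the account's own credentials, and adds the object-level authorization check the profile operation above was missing. User ids, emails and passwords are made up.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory user store for this example: user_id -> record. Not real data.
_USERS = {}

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(user_id, email, password):
    salt = secrets.token_bytes(16)
    _USERS[user_id] = {"email": email, "salt": salt,
                       "pw": _hash_pw(password, salt),
                       "token": secrets.token_urlsafe(32)}

def get_token_vulnerable(params):
    # The flaw in the post: the only input is a user id, so whoever supplies
    # a valid id is handed that account's token with no proof of identity.
    user = _USERS.get(params.get("user_id"))
    if user is None:
        return 404, {"error": "no such user"}
    return 200, {"token": user["token"]}

def get_token_hardened(params):
    # Fix: a token is only issued to a caller who presents the account's
    # own credentials; a bare user id is never enough.
    user = _USERS.get(params.get("user_id"))
    password = params.get("password", "")
    if user is None or not hmac.compare_digest(
            _hash_pw(password, user["salt"]), user["pw"]):
        return 401, {"error": "authentication required"}
    return 200, {"token": user["token"]}

def get_profile(token, target_user_id):
    # Object-level authorization for the "get profile of any user" operation:
    # the caller's identity comes from the token, never from a request field.
    caller = next((uid for uid, u in _USERS.items()
                   if hmac.compare_digest(u["token"], token)), None)
    if caller is None:
        return 401, {"error": "invalid token"}
    if caller != target_user_id:
        return 403, {"error": "forbidden"}
    return 200, {"email": _USERS[target_user_id]["email"]}

if __name__ == "__main__":
    register("u1", "alice@example.com", "pw-a")  # constructed accounts
    register("u2", "bob@example.com", "pw-b")
    print(get_token_vulnerable({"user_id": "u2"}))  # 200: token handed out
    print(get_token_hardened({"user_id": "u2"}))    # 401: refused
```

The same principle applies to every operation listed above: derive the acting user from the token on the server and compare it with the object being touched before serving the request.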

Thanks for reading

