s mart g en exposing server urls of mobile apps with
play

S MART G EN : Exposing Server URLs of Mobile Apps with Selective - PowerPoint PPT Presentation

Feb 04, 2024 •167 likes •620 views

Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References S MART G EN : Exposing Server URLs of Mobile Apps with Selective Symbolic Execution Chaoshun Zuo Zhiqiang Lin Department of Computer Science

  1. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References S MART G EN : Exposing Server URLs of Mobile Apps with Selective Symbolic Execution Chaoshun Zuo Zhiqiang Lin Department of Computer Science University of Texas at Dallas April 6th, 2017

  2. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Server URLs https://www.google.com/search?q=www+2017

  3. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Server URLs https://www.google.com/search?q=www+2017 A URL includes Domain name 1 Resource path 2 Query parameters 3 ... 4

  4. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Server URLs https://www.google.com/search?q=www+2017 A URL includes Security Applications Domain name Hidden service identification 1 1 Resource path Malicious website detection 2 2 Query parameters Server vulnerability fuzzing 3 3 ... ... 4 4

  5. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Browsers’ URLs vs. Mobile Apps’ URLs

  6. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Browsers’ URLs vs. Mobile Apps’ URLs Source: cloudxtension.com

  7. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Security Implications of the URLs in Mobile Apps Hiding the URLs may allow the 1 servers to collect some private sensitive information Mobile apps may talk to some 2 unwanted services (e.g., malicious ads sites) False illusions (security 3 through obscurity) to the app developers that their services are secure (server URLs are hidden, none knows and none Source: cloudxtension.com will attack (or fuzz) them).

  8. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Security Implications of the URLs in Mobile Apps Hiding the URLs may allow the 1 servers to collect some private sensitive information Mobile apps may talk to some 2 unwanted services (e.g., malicious ads sites) False illusions (security 3 through obscurity) to the app developers that their services are secure (server URLs are hidden, none knows and none Source: cloudxtension.com will attack (or fuzz) them). It is imperative to expose the server URLs from mobile apps

  9. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References A Movitating Example: ShopClues Figure: The password reset activity of ShopClues (between 10 million and 50 million installs).

  10. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References A Movitating Example: ShopClues PUT /api/v9/forgotpassword?key=d12121c70dda5edfgd1df6633fdb36c0 HTTP/1.1 Content-Type: application/json Connection: close User-Agent: Dalvik/1.6.0 (Linux; Android 4.2) Host: sm.shopclues.com Accept-Encoding: gzip Content-Length: 73 {"user_email":”testmobileserver@gmail.com","key":"d12121c70dda5e dfgd1df6633fdb36c0"} There was an SQL injection vulnerability at this password reset interface

  11. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Which Analysis We Should Use? Static Analysis vs. Dynamic Analysis vs. Symbolic Execution PUT /api/v9/forgotpassword?key=d12121c70dda5edfgd1df6633fdb36c0 HTTP/1.1 Content-Type: application/json Connection: close User-Agent: Dalvik/1.6.0 (Linux; Android 4.2) Host: sm.shopclues.com Accept-Encoding: gzip Content-Length: 73 {"user_email":”testmobileserver@gmail.com","key":"d12121c70dda5e dfgd1df6633fdb36c0"}

  12. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Which Analysis We Should Use? Static Analysis vs. Dynamic Analysis vs. Symbolic Execution PUT /api/v9/forgotpassword?key=d12121c70dda5edfgd1df6633fdb36c0 HTTP/1.1 Content-Type: application/json Connection: close User-Agent: Dalvik/1.6.0 (Linux; Android 4.2) Host: sm.shopclues.com Accept-Encoding: gzip Content-Length: 73 {"user_email":”testmobileserver@gmail.com","key":"d12121c70dda5e dfgd1df6633fdb36c0"} Static Analysis String cantenation Crypto keys

  13. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Which Analysis We Should Use? Static Analysis vs. Dynamic Analysis vs. Symbolic Execution PUT /api/v9/forgotpassword?key=d12121c70dda5edfgd1df6633fdb36c0 HTTP/1.1 Content-Type: application/json Connection: close User-Agent: Dalvik/1.6.0 (Linux; Android 4.2) Host: sm.shopclues.com Accept-Encoding: gzip Content-Length: 73 {"user_email":”testmobileserver@gmail.com","key":"d12121c70dda5e dfgd1df6633fdb36c0"} Static Analysis Dynamic Analysis Random inputs String cantenation Incompleteness Crypto keys ...

  14. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Which Analysis We Should Use? Static Analysis vs. Dynamic Analysis vs. Symbolic Execution PUT /api/v9/forgotpassword?key=d12121c70dda5edfgd1df6633fdb36c0 HTTP/1.1 Content-Type: application/json Connection: close User-Agent: Dalvik/1.6.0 (Linux; Android 4.2) Host: sm.shopclues.com Accept-Encoding: gzip Content-Length: 73 {"user_email":”testmobileserver@gmail.com","key":"d12121c70dda5e dfgd1df6633fdb36c0"} Static Analysis Dynamic Analysis Symbolic Execution Random inputs Systematic String cantenation Incompleteness Automated Crypto keys ... ...

  15. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Symbolic Execution Generating Inputs Based on Program Code 1 package com.shopclues; 2 3 class y implements View$OnClickListener { 4 EditText b; 5 ... 6 public void onClick(View arg5) { 7 String v0 = this.b.getText().toString().trim(); 8 if(v0.equalsIgnoreCase("")) { 9 Toast.makeText(this.a, "Email Id should not be empty", 1).show(); 10 } 11 else if(!al.a(v0)) { 12 Toast.makeText(this.a, "The email entered is not a valid email", 1).show(); 13 } 14 else if(al.b(this.a)) { 15 this.a.c = new ac(this.a, v0); 16 this.a.c.execute(new Void[0]); 17 } 18 else { 19 Toast.makeText(this.a, "Please check your internet connection", 1).show(); 20 } 21 } 22 }

  16. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Various Constraints in Mobile Apps Various Constraints Two text-box’s inputs need to be equivalent 1 The “age” needs to be greater than 18 2 A “zip code” needs to be a five digit sequence 3 A “phone number” needs to be a phone number 4 A file name extension needs to be some type (e.g., jpg ) 5 ... 6

  17. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Introducing S MART G EN Dynamic Analysis Request Extracting Path Request Building ECG Message APK APK Constraints Messages Generation Solving the Runtime Instrumentation Constraints Static Analysis Selective Symbolic Execution Real Phone Automated Systematic Scalable

  18. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Introducing S MART G EN Dynamic Analysis Request Extracting Path Request Building ECG Message APK APK Constraints Messages Generation Solving the Runtime Instrumentation Constraints Static Analysis Selective Symbolic Execution Real Phone Static analysis Selective symbolic execution Dynamic analysis

  19. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Static Analysis Dynamic Analysis Request Extracting Path Request Building ECG Message APK APK Constraints Messages Generation Solving the Runtime Constraints Instrumentation Static Analysis Selective Symbolic Execution Real Phone Using soot [soo] framework Building extended call graph (ECG) EdgeMiner [CFB + 15] for callbacks

  20. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Selective Symbolic Execution Dynamic Analysis Request Extracting Path Request Building ECG Message APK APK Constraints Messages Generation Solving the Runtime Instrumentation Constraints Static Analysis Selective Symbolic Execution Real Phone Data flow analysis (w/ FlowDroid [ARF + 14]) Extract the path constraints Solve them w/ Z3-str [ZZG13]

  21. Motivation S MART G EN Design Applications Evaluation Related Work Conclusion References Selective Symbolic Execution Dynamic Analysis Request Extracting Path Request Building ECG Message APK APK Constraints Messages Generation Solving the Runtime Instrumentation Constraints Static Analysis Selective Symbolic Execution Real Phone Data flow analysis (w/ Why Selective : only on the FlowDroid [ARF + 14]) execution path of network Extract the path constraints sending APIs (to trigger the request messages) Solve them w/ Z3-str [ZZG13]

Recommend

RICH HTML/JS APPS with KNOCKOUT.JS, MOBILE SERVICES and no web server STEVEN SANDERSON,

RICH HTML/JS APPS with KNOCKOUT.JS, MOBILE SERVICES and no web server STEVEN SANDERSON,

RICH HTML/JS APPS with KNOCKOUT.JS, MOBILE SERVICES and no web server STEVEN SANDERSON, MICROSOFT @STEVENSANDERSON WHATS IN THIS TALK? SPA VIEWS 1. KNOCKOUT.JS MODELS VIEWMODELS NO WEB BUZZWORDS MAGIC SERVER 2. CLOUD BACKENDS FUN

509 views • 12 slides
Secure Communication in Client-Server Android Apps With a bias towards mobile banking

Secure Communication in Client-Server Android Apps With a bias towards mobile banking

Secure Communication in Client-Server Android Apps With a bias towards mobile banking applications. AFRICA HACKON CONFERENCE, 2016. Convergent Security. whoami Masters Candidate Ethical Hacker Web Developer Jazz fan

599 views • 20 slides
Using Node.js to improve the performance of Mobile apps and Mobile web Tom Hughes-Croucher @sh 1

Using Node.js to improve the performance of Mobile apps and Mobile web Tom Hughes-Croucher @sh 1

Using Node.js to improve the performance of Mobile apps and Mobile web Tom Hughes-Croucher @sh 1 mmer Scalable Server-Side Code with JavaScript Who is Tom? Wrote W3C Standards 10+ years in the web industry Node Worked on projects

705 views • 58 slides
Server-side Scripting Slides courtesy of Xenia Mountrouidou URLs and web servers 2

Server-side Scripting Slides courtesy of Xenia Mountrouidou URLs and web servers 2

Server-side Scripting Slides courtesy of Xenia Mountrouidou URLs and web servers 2 http://server/path/file Usually when you type a URL in your browser: Your computer looks up the server's IP address using DNS Your browser connects

645 views • 36 slides
Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps

Educational Mobile Apps Dr. Agnieszka (Aga) Palalas October 2013 1 Educational Mobile Apps Outcome : To determine the key benefits and uses of mobile apps inside and outside the classroom. To identify the main issues to be considered when

620 views • 14 slides
Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project

Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project

Mobile Apps INFM 603 Week 10 Agenda Questions Mobile Apps HCI Project discussions Native Apps Live on device Access to all device features GPS, accelerometer, compass, list of contacts Written for specific

654 views • 38 slides
Server side basics 1 CS380 URLs and web servers 2 http://server/path/file Usually when you

Server side basics 1 CS380 URLs and web servers 2 http://server/path/file Usually when you

Server side basics 1 CS380 URLs and web servers 2 http://server/path/file Usually when you type a URL in your browser: Your computer looks up the server's IP address using DNS Your browser connects to that IP address and requests

733 views • 39 slides
A Lap Around NativeScript TJ VanToll | @tjvantoll Server-Side Code Desktop applications Mobile

A Lap Around NativeScript TJ VanToll | @tjvantoll Server-Side Code Desktop applications Mobile

A Lap Around NativeScript TJ VanToll | @tjvantoll Server-Side Code Desktop applications Mobile apps What is NativeScript? A runtime for building and running native iOS and Android apps with a single, JavaScript code base != != No DOM

522 views • 18 slides
Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the

Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the

Mobile Apps in the Phone: (248) 470-3257 Email: Linda@GoMobileMichigan.org Marketplace Twitter: twitter.com/GoMobileMI Mobile Apps in the Marketplace Mobile Technology Association of Michigan 1 Mobile Apps in the Phone: (248)

611 views • 32 slides
Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015

Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015

Delivering Delight to Mobile App Customers Our Apps. PRESENTATION NAME GOES HERE 2013 2015 2016/2017 New features in Adobe Mobile The Lott Mobile Apps are Tatts.com Mobile Apps Services are released to launched (Tatts.com

396 views • 24 slides
Designing Effective Websites Day 5 - May 1 Did you find any URLs like these? Have you come

Designing Effective Websites Day 5 - May 1 Did you find any URLs like these? Have you come

Designing Effective Websites Day 5 - May 1 Did you find any URLs like these? Have you come across URL' like these: Building a Mobile Website Some opt to build a separate (secondary) site for mobile Not necessarily a flawed approach

465 views • 30 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil

10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil

10 th Stakeholders Forum Harnessing mobile apps and social media for product safety Phil Tregunno, MHRA WEB-RADR Consortium Mobile Apps Mobile technology Apps Launched Package under development for other MS by the end of the project

368 views • 17 slides
Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile

Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile

Responsive Webapps & Mobile Apps Mobile-friendly CSS frameworks and introduction to mobile apps CS 370 SE Practicum, Cengiz Gnay (Some slides courtesy of Eugene Agichtein and the Internets) CS 370, Gnay (Emory) Responsive Webapps &

1.21k views • 67 slides
The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700 institutions worldwide expose metadata via the Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH) using open standards like URI, HTTP ,

224 views • 19 slides
Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team

Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team

Building Pinterests Mobile Apps Mike Beltzner Product Manager Garrett Moon Mobile Team (iOS) Discover Pinterest Engineers Building Pinterests Mobile Apps Pinterest and mobile Launched iPhone app in 2011 Summer of Apps in

625 views • 36 slides
Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director &

Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director &

Mobile Apps Marketing strategies November 23 2015 Mohamed Abdeljalil Managing Director & Co-Founder of MIMV Technology MOBILE APPS: Time for Introduction ! 2 App IS Millions of Apps are released in the App stores, hundreds are

664 views • 49 slides
mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is

mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is

mobile measurements: the mobile app / OS perspective Why understanding mobile app performance is hard cellular performance matters to some apps most demanding apps multiplayer gaming VoIP video chat somewhat demanding web

806 views • 52 slides
Mobile Apps Often Need to Talk to a Remote server Internet Internet Saving resources (e.g.,

Mobile Apps Often Need to Talk to a Remote server Internet Internet Saving resources (e.g.,

Introduction Overview Detailed Design Evaluation Discussion Related Work Summary References Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services Chaoshun Zuo , Wubing Wang

347 views • 34 slides
WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO

WELCOME How to build Mobile apps for Magento stores Jenny Ta Max Ta Marketing manager CTO SimiCart.com| Magento in a mobile app Agenda - Opportunities to come - Hurdles to overcome - Build mobile apps. Without mobile coding - Q&A

570 views • 23 slides
Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January

Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January

Mobile Apps for Use in the City a living lab event about smart city mobile apps 26-27 January 2013, Sofia Dr Stavri Nikolov Digital Spaces Living Lab Founding Director stavri.nikolov@digitalspaces.info Digital Spaces Living Lab (DSLL) PLAYS

307 views • 29 slides
X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps

X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps

X A M A R I N . F O R M S F O R B E G I N N E R S A B O U T M E Tom Soderling Sr. Mobile Apps Developer @ Polaris Industries; Ride Command Xamarin.Forms enthusiast DevOps hobbyist & machine learning beginner 4 year XCMD Blog:

607 views • 43 slides
Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile

Mobile und Touch-Basierte Web Applikationen Mobile and Touch-Based Web Applications Corsin Decurtins Welcome Please switch off your mobile phones ... No wait! Introduction Mobile Applications Apps Web Apps Facebook cnn.com Gmail Twitter

797 views • 53 slides
School&Apps Parents(are(mobile.( Their(schools(should(be(too!

School&Apps Parents(are(mobile.( Their(schools(should(be(too!

School&Apps Parents(are(mobile.( Their(schools(should(be(too! Customized&app&for&your&school& Your%app%will%be% available%on%Apple%store% and%Google%play% SaasMicro School%Apps%provide%a%versatile%and%instant%way%for%

614 views • 19 slides

More recommend