FireVu - Intentionally Vulnerable Android Application
-important){kind=icon}
FireVu is an intentionally vulnerable Android application developed for Android open source security. The initial goal was to demonstrate the misconfigured Firebase database of mobile apps. I have added a few more vulnerabilities for learning purpose.
- Misconfigured Firebase Database.
- Misconfigured Firebase Storage.
- Vulnerable Exported content provider.
- Vulnerable Exported activities.
- Insecure data storage.
- Insecure logging.
- Android Backup vulnerability.
- Application Debuggable.
For finding the Misconfigured Firebase vulnerability in FireVu,Check my
1. Supported Version: Android 9 (pie) device or use genymotion android 9 emulator.
2. Supported(Tested) screen sizes :1080*1920 and 1080*2010.
3. Install Open GApps and ARM translation in genymotion.
5. App requires internet for user login (Firebase Authentication).
1. Download the FireVu.apk file.
2. Open apk file and tap 'Install'.
3. Enable Install Unknown apps.
4. Drag and drop the FireVu.apk file into genymotion emulator.
5. Disable verify apps over USB.
-
Attack suraface of the application.
-
User Registration (Enable Internet Access).
You can use any random email id.There is no email verification (But you can't register with an email which is already in use).
-
User Login (Enable Internet Access)
Login with your registered account or use the default Credentials.
