GitBook: [master] 2 pages modified

Author: carlospolop

mobile-apps-pentesting/android-app-pentesting/react-native-application.md

@@ -5,7 +5,7 @@
 React Native is a **mobile application framework** that is most commonly used to develop applications for **Android** and **iOS** by enabling the use of React and native platform capabilities. These days, it’s become increasingly popular to use React across platforms.  
 But most of the time, the core logic of the application lies in the React Native **JavaScript that can be obtained** without needing to use dex2jar.
 
-#### **Step-1**: Let’s confirm whether the application was built on React Native framework.
+### **Step-1**: Let’s confirm whether the application was built on React Native framework.
 
 To check this, rename the APK with zip extension and then extract the APK to a new folder using the following command
 
@@ -18,21 +18,21 @@ Browse to the newly created `ReactNative` folder, and find the `assets` folder.
 
 ![Image for post](https://miro.medium.com/max/1559/1*enjF2H7PclRAIcNCxDIOJw.png)
 
-#### **Step-2**: Creating a file named `index.html` in the same directory with the following code in it.
+### **Step-2**: Creating a file named `index.html` in the same directory with the following code in it.
+
+You can upload the file to [https://spaceraccoon.github.io/webpack-exploder/](https://spaceraccoon.github.io/webpack-exploder/) or proceed with the following steps:
 
 ```markup
 <script src="./index.android.bundle"></script>
 ```
 
-React Native Reverse Engineering
-
 ![Image for post](https://miro.medium.com/max/1526/1*Qrg2jrXF8UxwbbRJJVWmRw.png)
 
 Open the **index.html** file in **Google Chrome**. Open up the Developer Toolbar \(**Command+Option+J for OS X or Control+Shift+J for Windows**\), and click on “Sources”. You should see a JavaScript file, split up into folders and files that make up the main bundle.
 
 > If you are able to find a file called `index.android.bundle.map`, you will be able to analyze the source code in an unminified format. `map` files contain the source mapping that allows you to map minified identifiers.
 
-#### **Step-3**: search for sensitive credentials and endpoints
+### **Step-3**: search for sensitive credentials and endpoints
 
 In this phase, you have to identify the **sensitive keywords** to analyze the **Javascript** code. A pattern that is popular with React Native applications, is the use of a third party services like such as Firebase, AWS s3 service endpoints, private keys etc.,
 

pentesting/pentesting-web/buckets/firebase-database.md

@@ -30,7 +30,27 @@ python FirebaseScanner.py -f <commaSeperatedFirebaseProjectNames>
 
 ### Authenticated
 
-If you have credentials to access the Firebase database you can use a tool such as [**Baserunner**](https://github.com/iosiro/baserunner) to access more easily the stored information.
+If you have credentials to access the Firebase database you can use a tool such as [**Baserunner**](https://github.com/iosiro/baserunner) to access more easily the stored information. Or a script like the following:
+
+```python
+#Taken from https://blog.assetnote.io/bug-bounty/2020/02/01/expanding-attack-surface-react-native/
+import pyrebase
+
+config = {
+  "apiKey": "FIREBASE_API_KEY",
+  "authDomain": "FIREBASE_AUTH_DOMAIN_ID.firebaseapp.com",
+  "databaseURL": "https://FIREBASE_AUTH_DOMAIN_ID.firebaseio.com",
+  "storageBucket": "FIREBASE_AUTH_DOMAIN_ID.appspot.com",
+}
+
+firebase = pyrebase.initialize_app(config)
+
+db = firebase.database()
+
+print(db.get())
+```
+
+To test other actions on the database, such as writing to the database, refer to the Pyrebase documentation which can be found [here](https://github.com/thisbejim/Pyrebase).
 
 ### Access info with APPID and API Key