Feb 2023
1h 39m
Episode 6: In this episode of Critical Thinking - Bug Bounty Podcast we sit down with mobile hacking legend Joel Margolis and get the scoop on his approach to popping bugs on Android.
Follow us on twitter at: @ctbbpodcast
We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!
------ Links ------
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater
Joel’s HackerOne Android Hacking Introduction:
Android Pixel Lock Screen Bypass
Exploiting Deeplink URLs:
https://inesmartins.github.io/exploiting-deep-links-in-android-part1/index.html
Joel’s get_schemas tool:
https://github.com/teknogeek/get_schemas
Example AndroidManfest.xml we referenced:
Android docs for intent filters:
https://developer.android.com/guide/components/intents-filters.html
Android docs for “setAllowContentaccess”:
Android docs for “setAllowFileAccess”:
https://developer.android.com/reference/android/webkit/WebSettings#setAllowFileAccess(boolean)
Add JavaScript Interface to Webview:
Joel’s SSL Pinning Bypass:
https://gist.github.com/teknogeek/4dc35fb3801bd7f13e5f0da5b784c725
Google Chrome Docs for Intent URLs:
https://developer.chrome.com/docs/multidevice/android/intents/#considerations
Joel’s Bug Bounty Report: