forked from FBrasileiro/Inspeckage
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGELOG
123 lines (94 loc) · 3.36 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
# Inspeckage - CHANGELOG
2.3
---------------
- Device Fingerprint - override more than 30 parameters such as advertising id, MAC address, IMEI, release, brand, build mode...
- Location - without use "Mock location" functionality, change GPS location to the searched location on the map or enter latitude/longitude
- bug fix
2.2
---------------
- Replaces - now you can replace parameters/return value of hooked methods (+Hooks)
- Sidebar menu (so far)
* Tabs - hooks
* Replaces - shortcut to the Replaces feature
* Tips - some tips about monkeyrunner, decompile, proxy, etc.
* clipboard input
* share options
- "clear log" option in all tabs
- bug fix
2.1
---------------
- Classes and Methods tree in +Hooks modal - now you can see all classes and methods of your target, select any method and add with new Hook!
- bug fix
2.0
---------------
- New menu option "SSL / Authentication" (only Android 6) - Now you can use https with basic authentication.
- SSL uncheck (pinning bypass) - okhttp3
- Android 6 permissions fix
1.4.1
---------------
- add the option "Bind to address" on "Config" app screen - now you can bind to all interfaces, any specific local IP address, or to just the loopback interface.
Note: if you choose a non-loopback interface, other computers maybe can access the Inspeckage.
- bug fix - the "App is running:" always false
1.4
---------------
- tabs with badges (counter);
- for "+ Hooks", FLAG_SECURE and proxy options you dont need restart the app;
- enable/disable hooks (tabs);
- support to android 4.x (experimental);
- android:allowBackup in info area;
- app icon in info area;
- some bug fixes.
1.3
---------------
- New tab "+ Hooks". Now the user can specify new hook's dynamically.
- collapsible app info area
- some bug fixes
1.2
---------------
New logcat.html page. A experimental page with websocket to show some information from the logcat.
1.1b
---------------
Fix the backpressed crash
Fix intent launch not found
Improvements in the Start Activity option
1.0b
---------------
With Inspeckage, we can get a good amount of information about the application's behavior:
== Information gathering
* Requested Permissions;
* App Permissions;
* Shared Libraries;
* Exported and Non-exported Activities, Content Providers,Broadcast Receivers and Services;
* Check if the app is debuggable or not;
* Version, UID and GIDs;
* etc.
== Hooks (so far)
With the hooks, we can see what the application is doing in real time:
* Shared Preferences (log and file);
* Serialization;
* Crypto;
* Hashes;
* SQLite;
* HTTP (an HTTP proxy tool is still the best alternative);
* File System;
* Miscellaneous (Clipboard, URL.Parse());
* WebView;
* IPC.
== Actions
With Xposed it's possible to perform actions such as start a unexported activity and much else:
* Start any activity (exported and unexported);
* Call any provider (exported and unexported);
* Disable FLAG_SECURE;
* SSL uncheck;
* Start, stop and restart the application.
== Extras
* APK Download;
* View the app's directory tree;
* Download the app's files;
* Download the output generated by hooks in text file format;
* Take a screen capture;
== Configuration
Even though our tool has some hooks to the HTTP libraries, using an external proxy tool is still the best option to analyze the app's traffic. With Inspeckage, you can:
* Add a proxy to the target app;
* Enable and disable proxy;
* Add entries in the arp table.