This repository contains a full assessment of the vulnerable InsecureShop.apk Android application.
It demonstrates static and dynamic analysis techniques including:
- Decompiling APKs using JADX
- Runtime bypasses using Frida
- Network traffic interception using Charles Proxy
- SSL pinning bypass via dynamic instrumentation
| Folder/File | Description |
|---|---|
InsecureShop_Assessment_Report.* |
Final report in Markdown, PDF, and HTML formats |
scripts/ |
Frida hook scripts (login_bypass.js, root_debug_bypass.js) |
screenshots/ |
Screenshots showing JADX findings, Frida output, SSL bypass |
video/ |
5–10 minute walkthrough demo |
jadx-guiFridaCharles ProxyAndroid Emulator (Pixel 5, API 34)Android Studio Koala
- Extract undocumented authentication logic
- Demonstrate forced login using Frida
- Simulate root/debug detection and bypass it
- Intercept HTTPS traffic after bypassing SSL pinning
© 2025 Santosh Lokhande