Added attack code to perform Intent Sniffing

Author: dineshshetty

InsecureBankv2.apk

@@ -221,6 +221,8 @@ private void broadcastChangepasswordSMS(String phoneNumber, String pass) {
         {
             Intent smsIntent = new Intent();
             smsIntent.setAction("theBroadcast");
+         //   String actdns= smsIntent.getAction().toString();
+          //  Toast.makeText(getApplicationContext(),actdns , Toast.LENGTH_LONG).show();
             smsIntent.putExtra("phonenumber", phoneNumber);
             smsIntent.putExtra("newpass", pass);
             sendBroadcast(smsIntent);

InsecureBankv2/.idea/misc.xml

@@ -32,7 +32,9 @@
 public class LoginActivity extends Activity {
 	//	The Button that calls the authentication function
 	Button login_buttons;
-	//	The EditText that holds the username entered by the user
+    //	The Button that calls the create user function
+    Button createuser_buttons;
+    //	The EditText that holds the username entered by the user
 	EditText Username_Text;
 	//	The EditText that holds the password entered by the user
 	EditText Password_Text;
@@ -59,6 +61,15 @@ public void onClick(View v) {
                 // TODO Auto-generated method stub
                 performlogin();
             }
+        });
+        createuser_buttons = (Button) findViewById(R.id.button_CreateUser);
+        createuser_buttons.setOnClickListener(new View.OnClickListener() {
+
+            @Override
+            public void onClick(View v) {
+                // TODO Auto-generated method stub
+                createUser();
+            }
         });
 		fillData_button = (Button) findViewById(R.id.fill_data);
 		fillData_button.setOnClickListener(new View.OnClickListener() {
@@ -77,11 +88,22 @@ public void onClick(View v) {
 
 	}
 
-	/*
-	The function that allows the user to autofill the credentials
-	if the user has logged in successfully atleast one earlier using
-	that device
-	*/
+    /*
+    The function that allows the user to create new user credentials.
+    This functionality is available only to the admin user.
+    <<WIP Code>>
+    ToDo: Add functionality here.
+    */
+    protected void createUser() {
+        Toast.makeText(this, "Create User functionality is still Work-In-Progress!!", Toast.LENGTH_LONG).show();
+
+    }
+
+    /*
+    The function that allows the user to autofill the credentials
+    if the user has logged in successfully atleast one earlier using
+    that device
+    */
 	protected void fillData() throws UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
 		// TODO Auto-generated method stub
 		SharedPreferences settings = getSharedPreferences(MYPREFS, 0);

InsecureBankv2/app/app-debug.apk

@@ -5,6 +5,7 @@ InsecureBankv2 Readme
 This is a major update to one of my previous projects - "InsecureBank". This vulnerable Android application is named "InsecureBankv2" and is made for security enthusiasts and developers to learn the Android insecurities by testing this vulnerable application. Its back-end server component is written in python. The client component i.e. the Android InsecureBank.apk can be downloaded along with the source. The list of vulnerabilities that are currently included in this release are:
 
 * Flawed Broadcast Receivers
+* Intent Sniffing and Injection
 * Weak Authorization mechanism
 * Local Encryption issues
 * Vulnerable Activity Components
@@ -30,6 +31,7 @@ This is a major update to one of my previous projects - "InsecureBank". This vul
 
 Below are some of the other vulnerabilities that I am working on currently - and will be added as soon as I make sure that it does not break any of the other existing features:
 * Local SQL Injection
-* SMS based Denial-Of-Service
+* Intent based Denial-Of-Service - SMS
 * LockScreen Bypass
-
+* Location Spoofing
+* Dead Code

InsecureBankv2/app/src/main/java/com/android/insecurebankv2/ChangePassword.java

@@ -0,0 +1,7 @@
+.gradle
+/local.properties
+/.idea/workspace.xml
+/.idea/libraries
+.DS_Store
+/build
+/captures