Endpoint Discovery and URLs

As part of the information gathering phase, search the decoded/decompiled output for all endpoint URLs & APIs.

Decoding & Decompiling APK

If you have not already decoded and decompiled the APK, do that now. See the decoding and decompiling instructions for the full procedure; the high-level steps are also below:

apktool d -o App filename.apk
jadx -d App filename.apk

(This puts all output under the ./App directory: apktool writes the smali, res/ and AndroidManifest.xml at the top level, and jadx adds the decompiled Java under App/sources, so a single search of ./App covers both. If ./App already exists from an earlier run, apktool will refuse to overwrite it unless you add -f.)

This is not a perfect process, but the following commands will dump URLs and API paths out to text files. Expect some cleanup afterwards: the patterns only catch literal strings, so URLs that are assembled by concatenation, stored encrypted or obfuscated, or fetched from a remote config will not appear and have to be found by reading the code. Even so, these have proven to give the best starting data.

Dump APIs:

grep -rEhoiI "(>|\"|')/[^\"'<> ]+(<|\"|')" ./App 2>/dev/null | tr -d "<>\"'" | sort -u > api_links.txt

Dump URLs:

grep -rEhoiI "(>|\"|')(file|https?)://[^\"'<> ]+(<|\"|')" ./App 2>/dev/null | tr -d "<>\"'" | sort -u > url_links.txt

This will result in two text files named api_links.txt and url_links.txt. Review these files for interesting paths or links: hosts outside the app's expected domain, hard-coded IP addresses, staging or debug hosts, plain http:// where https:// is expected, and paths that suggest admin, debug, upload or password-reset functionality. Each of these is a candidate for the later testing phases.
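The two dumps above, wrapped into a script as an added example; this is not code from the original page or from apktool/jadx. It assumes the ./App layout produced by the previous steps (smali/, res/, sources/), and the sample tree it builds, including every hostname, path and file name in it, is constructed here only so the script runs offline. Compared to the one-liners it skips binary files with grep -I, walks the tree with grep -r so unusual file names are safe, and requires a path character after the leading slash so that XML "/>" and protocol-relative "//host" strings do not end up in api_links.txt.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): the URL and API-path dumps as
# reusable functions, plus a constructed sample tree so it runs offline.
# Assumes the ./App layout produced by `apktool d -o App` and `jadx -d App`
# (smali/, res/, sources/). All hosts, paths and file names below are made up.

set -u

# URLs: http, https and file schemes that sit inside quotes or XML text
# (>...<). -r walks the tree (no find | xargs, so odd file names are safe),
# -I skips binary files instead of filtering "Binary file ... matches" lines,
# and sed strips the one leading and one trailing delimiter the match kept.
extract_urls() {
    grep -rEhoiI "(>|\"|')(file|https?)://[^\"'<> ]+(<|\"|')" "$1" 2>/dev/null \
        | sed -E 's/^.//; s/.$//' \
        | sort -u
}

# API paths: quoted strings (or XML text) that start with "/" followed by a
# path character. The first-character class rejects the XML self-closing
# "/>" and protocol-relative "//host" matches that make a bare "/" noisy.
extract_api_paths() {
    grep -rEhoI "(>|\"|')/[A-Za-z0-9_.~{}-][^\"'<> ]*(<|\"|')" "$1" 2>/dev/null \
        | sed -E 's/^.//; s/.$//' \
        | sort -u
}

# Write url_links.txt and api_links.txt into $2 (default: current directory).
# '>' rather than '>>' so a re-run does not accumulate stale entries.
dump_endpoints() {
    local app="$1" out="${2:-.}"
    mkdir -p "$out"
    extract_urls "$app" > "$out/url_links.txt"
    extract_api_paths "$app" > "$out/api_links.txt"
    printf 'URLs: %s  API paths: %s\n' \
        "$(wc -l < "$out/url_links.txt" | tr -d ' ')" \
        "$(wc -l < "$out/api_links.txt" | tr -d ' ')"
}

# Constructed stand-in for a decoded/decompiled app: smali, Java and XML
# with strings in the places these tools actually emit them, plus a binary
# blob holding a URL that -I should skip.
make_sample_tree() {
    local root="$1"
    mkdir -p "$root/smali/com/example/app" "$root/sources/com/example/app" \
             "$root/res/values" "$root/res/raw"
    cat > "$root/smali/com/example/app/Api.smali" <<'EOF'
.class public Lcom/example/app/Api;
.field private static final BASE:Ljava/lang/String; = "https://api.example.test/v1/"
    const-string v0, "/users/{id}/profile"
    const-string v1, "HTTP://legacy.example.test/login"
EOF
    cat > "$root/sources/com/example/app/Config.java" <<'EOF'
public class Config {
    static final String DEBUG_HOST = "http://10.0.2.2:8080/debug";
    static final String TOKEN_PATH = "/oauth/token";
    static final String DUPLICATE = "/users/{id}/profile";
}
EOF
    cat > "$root/res/values/strings.xml" <<'EOF'
<resources>
    <string name="privacy_url">https://www.example.test/privacy</string>
    <string name="upload_path">/upload/v2</string>
    <item name="empty" />
</resources>
EOF
    printf 'BIN\000https://binary.example.test/skip\000' > "$root/res/raw/blob.bin"
}

# Usage: bash dump_endpoints.sh ./App [out_dir]
# With no arguments, run against the constructed sample tree instead.
if [ -n "${1:-}" ]; then
    dump_endpoints "$1" "${2:-.}"
else
    demo="$(mktemp -d)"
    make_sample_tree "$demo/App"
    dump_endpoints "$demo/App" "$demo"
    cat "$demo/url_links.txt" "$demo/api_links.txt"
fi
```

On the sample tree this yields four URLs (the mixed-case HTTP:// one included, because of -i) and three API paths, with the duplicate "/users/{id}/profile" from smali and Java collapsed by sort -u and the URL inside the binary blob left out. Run it against a real ./App the same way; the output files are the same api_links.txt and url_links.txt described above.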