DeepLinkHijackingPoC

Create PoC Android Apps for Deep Link Hijacking.

Description

A script that automates the creation of an Android application which receives deep links of the specified URL, for the purpose of creating a Proof-of-Concept of Deep Link Hijacking for Android Security assessments (Android Penetration Tests).

Modifies the deep link scheme and host portions of the AndroidManifest.xml of a template project with, then compiles it using gradle.

Requirements

Python3

adb (Android Debug Bridge) - Optional. Only required for the install option.

Usage

usage: DeepLinkHijacker.py [-h] -l DEEPLINK [-o OUTPUT] [-i]

Deep Link Hijacking Proof-of-Concept Builder - Creates an application for testing Deep Link Hijacking.

optional arguments:
  -h, --help            show this help message and exit
  -l DEEPLINK, --link DEEPLINK
                        Deep Link to hijack using the application.
  -o OUTPUT, --output OUTPUT
                        Output location for application.
  -i, --install         Install application after build.

Example:

Creates the PoC app receiving deep links for "testApp://test/".

python3 DeepLinkHijacker.py -l "testApp://test/"

Creates the PoC app and copies the package to the directory - with the name 'DeepLinkHijackingPoCApp-release.apk', or with the specified name.

python3 DeepLinkHijacker.py -l "testApp://test/" -o "./dir"

python3 DeepLinkHijacker.py -l "testApp://test/" -o "./dir/pocApp.apk"

Creates the PoC app and installs it via 'adb'.

python3 DeepLinkHijacker.py -l "testApp://test/" -i