Fuzz the intents and try to capture screen for analysis
mzfr opened this issue · comments
Mehtab Zafar commented
This is a weird idea that I have right now so I am just going to write this down for now.
https://twitter.com/B3nac/status/1363343245934284801
b3nac did lot of these streams where he fuzzed deeplinks using radamsa. Maybe we can have a functionality which will just extract all the supported schemes from the manifest and then it will use them to send legit URL etc and capture the screen(using adb).
Ex:
slicer fuzz com.github.android
and it try things like:
github://<PREDEFINED_URL_LIST>
problem here is that I am not sure how to make it smart
Mehtab Zafar commented
Actually I just realized maybe it's not good cause just passing a normal URL to the fuzzer might do the trick