Welcome to BugBazaar, your gateway to mastering Mobile penetration testing on the Android platform!

BugBazaar is a comprehensive mobile application intentionally designed to be vulnerable, featuring over 30 vulnerabilities. Developed to emulate real-world scenarios, it includes more than 10 modules and features, each replicating real-world functions and the vulnerabilities surrounding them.

We've bundled 30+ vulnerabilities into a single application, saving you from downloading multiple apps to learn about mobile application pentesting. We've packed a lot into one.

Whether you're a security enthusiast, developer, beginner exploring the mobile pentesting arena, or a professional looking to hone your skills, BugBazaar has something for everyone on the mobile pentesting learning curve.

BugBazaar offers a wide range of vulnerabilities, from "RCE through insecure Dynamic Code Loading" to "One Click Account Takeover via deeplink." We cover "intent Spoofing" to "SQLite db injection," "WebView" bugs to "IPC" misconfigurations in Android  — we've got a lot of things covered.

What's more exciting? Stay in sync with the evolving landscape! BugBazaar regularly updates with fresh vulnerabilities and captivating challenges. Stay vigilant, stay ahead! Get Started Today!

• XSS
• OPEN REDIRECTION
• Stealing User token Via javascript Interface
• Access of Arbitrary files via insecure Flags
• Stealing of Arbitrary files via Insecure WebResourceResponse
• Account Takeover via Steal Session id

• Intent interception
• Account takeover via intent Spoofing
• Steal User's Contact via Insecure Pending Intent
• RCE through insecure Dynamic Code Loading

• CSRF
• Deep link hijacking
• Content Spoofing
• One Click Account Takeover

• Exported Components
• Steal User's Contact via typo permission in Content Provider
• Arbitrary data write to Content provider
• Access to Protected Components via Recevier

• SQL Injection via user input

• Improper Input Validation
• Insecure Logging
• Insecure Storage
• Unrestricted file upload
• Firebase Misconfiguration
• Passcode Bypass
• Copy paster Buffer
• Tapjacking
• hardcoded secrets
• Improper exception Handling
• Debuggable
• Backup enabled
• Task Hijacking
• Man in the Disk Attack

• EASY LEVEL

  • RootBear Library

• MEDIUM LEVEL

  • Magisk detect
  • Emulator Check
  • FRIDA DETECTION

• ADVANCE LEVEL - !!! IN PROGRESS WILL UPDATE IN NEXT RELEASE

// MANY MORE BUGS !!! COMING SOON 😎