Skip to content

Leleito/pSlip

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pSlip-ShmooconXX-2025-Slidedeck.pdf
pSlip-ShmooconXX-2025-Slidedeck.pdf
 
 
pSlip.py
pSlip.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

License GitHub release (latest by date) GitHub stars GitHub forks GitHub contributors

Overview

This tool is designed to identify Android apps that could be vulnerable instances of the 'Permission-Slip' attack; AKA a 'Confused Deputy'.

This occurs when an application is leveraged into performing actions on behalf of a less privileged app & results in elevated permissions.

Features

  • Parses APK files to extract manifest information.
  • Hardcoded AES keys and IVs in the application code.
  • Displays all permissions requested by the application.
  • Provides example ADB commands to test identified activities.
  • Exported activities that handle android.intent.action.CALL intents.
  • Exported activities or activity-aliases with intent filters that have the javascript scheme.
  • Exported activities intent with intent filters that require potentially vulnerable permissions that are set to a 'normal' or weak permission-level.

Dependencies

  • Python 3
  • apktool (for decoding APK files)
  • jadx (for decompiling APKs, required for AES scanning)

How It Works

By examining the application's manifest and identifying exported activities that can handle specific intents, pSlip helps pinpoint areas where the app might be susceptible to such attacks.

This enables security researchers and developers to identify and mitigate these vulnerabilities.

Installation

  1. Clone the repository: 
    git clone https://github.com/actuator/pSlip.git
cd pSlip

Usage

The script supports the following flags:

  • -h, --help Show help message and exit.
  • -p List all permissions requested by the application.
  • -perm Scan for custom permissions with a 'normal' protection level.
  • -js Scan for JavaScript injection vulnerabilities.
  • -call Scan for components using dangerous CALL intents.
  • -aes Scan for hardcoded AES keys and IVs.
  • -all Scan for all of the above.
  • -allsafe Same as -all but skips AES check for faster scans and stability

Example Usage

To analyze a single APK file:

python pSlip.py path/to/your.apk -js -call -html report.htm

To analyze all APK files in a directory:

python pSlip.py path/to/directory -all -html report.htm

Once potential vulnerabilities are detected, the pSlip generates POC ADB commands to test the identified components when applicable.

It is important to note that this tool relies on parsing the Android manifest for intent filter entries, whose presence or absence may not be indicative of exploitability.

Contributing

Pull requests are welcome, however for major changes please open an issue first to discuss what you would like to change.

I appreciate any contributions that improve the functionality and usability of the tool.

About

pSlip is an Android static analysis toolkit designed to scan APK's and detect applications exposing dangerous permissions.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Python 100.0%