WEBVTT

00:00.850 --> 00:08.530
Now, I have to say before starting this lecture that you do not mix these two things, log in and logging,

00:09.250 --> 00:09.610
right?

00:09.670 --> 00:16.690
I mean, hopefully, you know that already, but logging is about the log messages that are produced

00:16.690 --> 00:20.770
by an application when performing any number of tasks.

00:20.770 --> 00:21.070
Right.

00:23.080 --> 00:31.480
We can also capture important information from the log messages. The InsecureBank application uses Log.d

00:31.480 --> 00:34.930
as its method to produce log messages.

00:35.290 --> 00:35.700
All right.

00:36.400 --> 00:38.620
So let's get started.

00:39.650 --> 00:41.150
Open the bytecode viewer.

00:42.070 --> 00:45.910
And let's look at the DoLogin activity.

00:49.400 --> 00:53.030
Now, there's no log class here, so open the other one.

00:55.290 --> 00:56.130
And let's search it.

01:00.250 --> 01:01.660
Aha, here it is.

01:02.630 --> 01:10.770
The DoLogin activity produces a debug log message whenever a user attempts to log in, using the Log.d

01:10.770 --> 01:11.730
method.

01:12.620 --> 01:16.070
So these logs can be dumped using logcat.

01:17.130 --> 01:23.460
Logcat is a command-line tool that dumps a log of system messages, including stack traces when the

01:23.460 --> 01:30.480
device throws an error, and messages that you have written from your app with the Log class, usually used

01:30.480 --> 01:33.610
by developers to check if the application is working properly.

01:34.610 --> 01:38.390
You see where we're going with this, so let's try to capture these logs.

01:39.350 --> 01:41.090
So first, we'll check the connectivity.

01:42.040 --> 01:43.570
All right, that's not a problem.

01:44.760 --> 01:46.560
Run adb logcat.

01:47.710 --> 01:50.650
And as you can see, there are lots and lots of log messages.

01:51.790 --> 01:56.640
So we need to only get the credentials so we can filter the results.

01:57.760 --> 02:02.650
Although it can be a little complicated, you can always do it with a few Linux commands.

02:04.780 --> 02:10.390
So the command that you see here on the screen, we can get the log message that we want.

02:11.940 --> 02:20.190
The grep command allows us to search plaintext data sets for lines that match a regular expression.

02:22.390 --> 02:27.490
awk is mostly used for pattern scanning and processing.

02:30.190 --> 02:32.560
So let's log into the app and see the result.

02:36.400 --> 02:42.300
And as you can see, just by filtering, we reached the log message so much easier.

02:44.480 --> 02:50.920
Of course, this command is very complicated, and there are alternative solutions to get the credentials

02:50.920 --> 02:52.090
from log messages.

02:54.170 --> 02:57.860
There's a very useful tool that makes this process easy.

02:58.160 --> 03:06.560
It's called pidcat, and it's an excellent logcat color script, which only shows the log entries for

03:06.560 --> 03:10.310
processes from a specific application package.

03:11.810 --> 03:17.330
In fact, we can even install pidcat with the apt-get install command.

03:19.310 --> 03:21.670
So let's run pidcat to see if it works.

03:24.200 --> 03:29.570
OK, now we need to supply the target package as a sole argument to pidcat.

03:31.130 --> 03:34.010
And now, write pidcat, and give the package name.

03:38.790 --> 03:43.020
OK, so definitely more useful and a great tool.

03:44.340 --> 03:45.960
So log into the app again.

03:49.630 --> 03:55.510
And what do you know, there's a successful login message, and we get the credentials.
