How To: Hunting For Data Leaks In Google FireBase


In mid-2018, Appthority released a report detailing a vulnerability in Google's, a database backend used by thousands of mobile apps.


Potentially sensitive data is available via accessing URLs of the form https://<APPNAME> By so doing, you can gain access to all unprotected data in that particular database. If your organization develops and/or deploys mobile apps, you should check to see whether they are using FireBase, and if so, whether any data is being exposed.

One quick way to do this:

wget;cat .json |python -m json.tool

The above command will grab the contents from the appropriate URL, and pretty-print it using Python’s json.tool module.

You can also quickly check to see whether the data exists thusly:

curl -sL -w "%{http_code} %{url_effective}\\n" "" -o /dev/null

This will return the HTTP response code followed by the URL. 200 indicates the data is present, and 404 tells you there’s nothing there.

HowToAnalyst TipsBlue TeamRed TeamHunt