CTF challenge oauthbreaker. Level:Moderate, Name:Oauthbreaker Flags:2. This challenge provides an android application named oauth.apk. oauth.apk -> This app has 2 activities. First activity is MainActivity with authenticate button. On clicking this button a url will open in new web browser with option "Authorize Mobile Application". Opening the link available in web browser redirects to the second activity which is BrowserActivity. BrowserActivity is to load url using webview. Application flow: OAuth mobile application(MainActivity) -> Web browser -> OAuth mobile application(BrowserActivity) URLs at each stage: Authenticate button in MainActivity opens the link: http://35.227.24.107/XXXXXXXXXX/oauth?redirect_url=oauth://final/login&response_type=token&scope=all . Opening the link "Authorize Mobile Application" present in web browser redirects to BrowserActivity in oauth app. This BrowserActivity loads a predefined URL: http://35.227.24.10...