Android Pentesting-Setting up lab

Setting up Gennymotion

Gennymotion is a virutalbox based android emulator that is used for testing mobile application , so download the version that comes with virtualbox

Setting up ADB

Download adb tools from here , make sure it’s the as issues can up if your using old version of adb tools and the sdk version of the device is at higher version.

  • adb shell that will give a shell on the device
  • adb install filename.apk this will install apk on the device
  • adb push file /data/local/tmp this will copy files onto android device and usually /data/local/tmp path is used

Installing Magisk & EdXposed

This isn’t really necessary to install but some applications might not run on android emulators or on rooted devices to so bypass root detection if you’re feeling lazy to go through the source code and use other methods to bypass root detection you can use modules that comes with these applications.

Installing Drozer ,Frida & Objection

Frida is a dynamic instrumentation tool which is used for injecting scripts for bypassing root detection and ssl pinning during run time , it usually bypasses root detection from the universal scripts or you can create your own script by understanding what logic is being used by apk to detect root , frida scripts are written in javascript

  • pip3 install frida
  • pip3 install frida-tools
  • pip3 install objection

References

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store