Mobile Application Penetration Testing Environment Setup
Mobile Application Penetration Testing Environment Setup
AVD Setup
1) Install
Android Studio from https://developer.android.com/studio
2) Upon
installation finished, click on “More Action” > “Virtual Device
Manager”
3) Create
“Virtual Device” and select “Pixel 4”
4) Select
“API 31” and “Google Play Intel x86_64 Atom System Image”. Run
the image by selecting “Cold Boot” from the three dot menu.
Rooting AVD
1) Go
to https://gitlab.com/newbit/rootAVD
and download it
2) Change
to rootAVD directory and run the command from below screenshot to root the AVD.
Ensure the AVD is “Cold Boot” and running before executing the command.
As we are using API 31 Google Play Store image, select the right version
and run the command.
*FAKEBOOTIMG
is used in this case as the Magisk Versions >= 26.x can only be properly
installed with the FAKEBOOTIMG argument due to the new sepolicy.rule
implementation.
3) After
running the command, it will stucked at “Install/Patch” for Magisk.
Hover to the emulator and click “Cancel” when prompted to restart. Click
“Install” and “Select and patch a file”. Select fakeboot.img
located at Downloads and let it finish installing. After installing is
finished, hover to the terminal and click “Enter” to continue the
rooting process of emulator. The emulator will shutdown.
4) Relaunch
it with “Cold Boot”
5) Open
Magisk and it will prompt “Requires Additional Setup”
6) Click
OK and the emulator will automatically reboot.
7) Open
terminal in ADB directory. Usually it will be bundled with android studio and
located at the same as below screenshot.
8) Open
Magisk and run below command. A prompt will appear when typing “su” in
the terminal. Click “GRANT”.
Burp Configuration
1) Download
Magisk Module here https://github.com/NVISOsecurity/AlwaysTrustUserCerts/releases/tag/v1.3
2) Get
Burp CA and rename it to cacert.crt
3) Push
both the module and burp CA into the emulator by running below command:-
·
adb push AlwaysTrustUserCerts_v1.3.zip /sdcard/
·
adb push cacert.crt /sdcard/
4) Load
the Magisk Module and install it from storage
5) Restart
the emulator
6) Go
to Settings > Security > More Security Settings > Encryption &
Credentials > Install a certificate > CA certificate
7) Restart
and the certificate will be moved to System
8) Set
the proxy on WIFI settings based on the screenshot below and based on burp
suite IP. This configuration is based on having burp suite in kali linux and
vmware network is set as Bridged.
Frida Setup
1) Install
frida and frida-tools. (Current stable version for API 31 is frida==16.0.3 and
frida-tools==12.0.3
2) pip
install frida==16.0.3 frida-tools==12.0.3
3) Check
the emulator architecture by running the command against it.
4) adb
shell getprop ro.product.cpu.abi
5) Download
Frida server for the architecture.
6) https://github.com/frida/frida/releases/download/16.0.3/frida-server-16.0.3-android-x86_64.xz
7) Unzip
it and rename to frida-server
8) adb
shell “su -c ‘setenforce 0’” (Run this command before starting frida-server)
9) Send
the frida-server to the emulator. Set permission and run the server
10) Now
you are ready to dive into Mobile Penetration Testing.
Comments
Post a Comment