Mobile Application Penetration Testing Environment Setup

 

Mobile Application Penetration Testing Environment Setup

AVD Setup

1)       Install Android Studio from https://developer.android.com/studio

2)       Upon installation finished, click on “More Action” > “Virtual Device Manager

3)       Create “Virtual Device” and select “Pixel 4

4)       Select “API 31” and “Google Play Intel x86_64 Atom System Image”. Run the image by selecting “Cold Boot” from the three dot menu.


 

Rooting AVD

1)       Go to https://gitlab.com/newbit/rootAVD and download it

2)       Change to rootAVD directory and run the command from below screenshot to root the AVD. Ensure the AVD is “Cold Boot” and running before executing the command. As we are using API 31 Google Play Store image, select the right version and run the command.

*FAKEBOOTIMG is used in this case as the Magisk Versions >= 26.x can only be properly installed with the FAKEBOOTIMG argument due to the new sepolicy.rule implementation.

3)       After running the command, it will stucked at “Install/Patch” for Magisk. Hover to the emulator and click “Cancel” when prompted to restart. Click “Install” and “Select and patch a file”. Select fakeboot.img located at Downloads and let it finish installing. After installing is finished, hover to the terminal and click “Enter” to continue the rooting process of emulator. The emulator will shutdown.

4)       Relaunch it with “Cold Boot”

5)       Open Magisk and it will prompt “Requires Additional Setup

6)       Click OK and the emulator will automatically reboot.

7)       Open terminal in ADB directory. Usually it will be bundled with android studio and located at the same as below screenshot.

8)       Open Magisk and run below command. A prompt will appear when typing “su” in the terminal. Click “GRANT”.


 

Burp Configuration

1)       Download Magisk Module here https://github.com/NVISOsecurity/AlwaysTrustUserCerts/releases/tag/v1.3

2)       Get Burp CA and rename it to cacert.crt

3)       Push both the module and burp CA into the emulator by running below command:-

·         adb push AlwaysTrustUserCerts_v1.3.zip /sdcard/

·         adb push cacert.crt /sdcard/

4)       Load the Magisk Module and install it from storage


5)       Restart the emulator

6)       Go to Settings > Security > More Security Settings > Encryption & Credentials > Install a certificate > CA certificate

7)       Restart and the certificate will be moved to System

8)       Set the proxy on WIFI settings based on the screenshot below and based on burp suite IP. This configuration is based on having burp suite in kali linux and vmware network is set as Bridged.


 

Frida Setup

1)       Install frida and frida-tools. (Current stable version for API 31 is frida==16.0.3 and frida-tools==12.0.3

2)       pip install frida==16.0.3 frida-tools==12.0.3

3)       Check the emulator architecture by running the command against it.

4)       adb shell getprop ro.product.cpu.abi

5)       Download Frida server for the architecture.

6)       https://github.com/frida/frida/releases/download/16.0.3/frida-server-16.0.3-android-x86_64.xz

7)       Unzip it and rename to frida-server

8)       adb shell “su -c ‘setenforce 0’” (Run this command before starting frida-server)

9)       Send the frida-server to the emulator. Set permission and run the server

10)   Now you are ready to dive into Mobile Penetration Testing.

Comments

Popular posts from this blog

Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form.

Setting up MobSF in Ubuntu 18.04

Cert-Fixer : Simplify your CA certificates installation