Android-InsecureBankv2
In this article, we will look at the various concepts of Android application security while exploiting a vulnerable app, InsecureBankv2. We will approach every concept from a noob’s perspective, so I recommend this blog to beginners as well.
Usage guide
This document is divided into 3 parts:-
- Setting up Genymotion
- Running the back-end AndroLab server
- Installing and running the InsecureBankv2 application via APK file
Genymotion
Now we need to install some additional tools so that you can connect to the emulator from your laptop. The steps differ for Mac, Windows and Linux users.
Mac Users Only:-
brew install --cask android-platform-tools
Windows Users Only:-
Download the file https://dl.google.com/android/repository/platform-tools-latest-windows.zip. Extract it and add the “platform-tools” folder to your environment path for faster access (or navigate to this folder every time we use the “adb” command).
Linux Users Only:-
sudo apt-get install android-tools-adb
Running the back-end AndroLab server
Before installing the InsecureBankv2 application on the newly created AVD, make sure that the back-end server is running properly. The back-end for the InsecureBankv2 application is a simple Python server built on the Flask and CherryPy web frameworks.
1. Download the latest version of InsecureBankv2 from GitHub using the below mentioned command on the terminal.
git clone https://github.com/dineshshetty/Android-InsecureBankv2.git
2. The server component can be found in the AndroLabServer folder in the InsecureBankv2 project source folder.
3. Install the libraries using the command:-
4. Navigate to the AndroLabServer folder in the downloaded InsecureBankv2 project source code and use the below command to run the HTTP server on the default port 8888:
python app.py
The below mentioned command can be used to view the available arguments for the AndroLab server component.
python app.py --help
5. Now we need to set up the network configuration so that InsecureBankv2 can talk to this server. To do this, open VirtualBox and right-click the created AVD > Settings > Network. For Adapter 1, select “Bridged Adapter”. For Adapter 2, select “NAT”.
Installing and running the InsecureBankv2 application — via APK file
Once the AVD is set up and running in Genymotion, we can proceed to install InsecureBankv2 on it.
1. Download the latest version of InsecureBankv2 from GitHub using the below mentioned command on the terminal.
2. Using the adb utility in the Android SDK platform-tools folder, the InsecureBankv2.apk file from the downloaded project can be installed on to the emulator.
adb install InsecureBankv2.apk
3. You can now launch the InsecureBankv2 application from the Android app
4. In the Android emulator, click the menu button and select the Preferences menu.
5. Configure the Android emulator to point to the IP address and port number of the machine on which the AndroLab server is running. Click Submit to continue.
6. Clicking on “Create User” redirects the user to the user creation module.
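A pre-flight check for the steps above, added here as an example (it is not part of the original article or of the InsecureBankv2 project): it confirms that adb sees exactly one emulator in the "device" state and that the AndroLab server answers on port 8888 before running adb install. The function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight checks before "adb install InsecureBankv2.apk".
# Function names are hypothetical; they do not come from the article.

# Read `adb devices` output on stdin. Print the serial and succeed only
# when exactly one entry is in the "device" state. Entries marked
# "offline" or "unauthorized", the header line and daemon start-up
# messages are ignored. Zero or several ready devices is a failure, so
# the APK cannot land on the wrong emulator or on a real phone.
single_ready_device() {
    awk 'NF == 2 && $2 == "device" { n++; serial = $1 }
         END {
             if (n == 1) { print serial; exit 0 }
             exit 1
         }'
}

# Succeed when anything answers HTTP at host ($1) and port ($2,
# default 8888, the AndroLab server default named in the article).
server_up() {
    curl -s -o /dev/null --max-time 3 "http://$1:${2:-8888}/"
}

# Run both checks, then install the APK on the selected emulator.
# $1 = IP address of the machine running app.py, $2 = path to the APK.
preflight() {
    host=$1
    apk=${2:-InsecureBankv2.apk}
    serial=$(adb devices | single_ready_device) || {
        echo "need exactly one emulator in 'device' state" >&2
        return 1
    }
    server_up "$host" || {
        echo "AndroLab server not reachable at $host:8888" >&2
        return 1
    }
    adb -s "$serial" install "$apk"
}

# Only act when the script is given the server address as an argument.
if [ "$#" -ge 1 ]; then
    preflight "$@"
fi
```

Save it as a script and pass the IP address of the machine running app.py as the first argument; use the same address in the Preferences screen in step 5.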