Android-InsecureBankv2

Sachin Prajapati
Aug 11, 2021

In this article, we will look at various concepts of Android application security while exploiting a vulnerable app, InsecureBankv2. We will approach all the concepts from a noob’s perspective, so I would recommend this blog to beginners as well.

Usage guide

This document is divided into 3 parts:-

  1. Setting up Genymotion
  2. Running the back-end AndroLab server
  3. Installing and running the InsecureBankv2 application via APK file

Genymotion

Once you install Genymotion, you should sign up for a new account (it’s free) and create different emulators based on your needs. Here is what my emulators look like.

Now we need to install some additional tools to make sure you can connect to the emulator from your laptop. The steps are different for Mac/Windows/Linux users.

Mac Users Only:-

brew install --cask android-platform-tools

Windows Users Only:-

Download the file https://dl.google.com/android/repository/platform-tools-latest-windows.zip. Extract the file and add the “platform-tools” folder to your environment path for faster access (or you can navigate to this path every time we talk about using the “adb” command).

Linux Users Only:-

sudo apt-get install android-tools-adb

Running the back-end AndroLab server

Before proceeding to install the InsecureBankv2 application on the newly created AVD, ensure that the back-end server is running properly. The back-end for the InsecureBankv2 application is a simple Python server running the Flask and CherryPy web frameworks.

  1. Download the latest version of InsecureBankv2 from GitHub using the below mentioned command on the terminal.

git clone https://github.com/dineshshetty/Android-InsecureBankv2.git

2. The server component can be found in the AndroLabServer folder in the InsecureBankv2 project source folder.

3. Install the libraries using the command:-

pip install -r requirements.txt

4. Navigate to the AndroLabServer folder in the downloaded InsecureBankv2 project source code and use the below command to run the HTTP server on the default port 8888:

python app.py

The below mentioned command can be used to view the available arguments for the AndroLab server component.

python app.py --help

5. Now we need to set up our configuration to make sure that InsecureBankv2 can talk to this server. To do this, open VirtualBox and right-click the created AVD > Settings > Network. For Adapter 1, set up “Bridged Adapter”. For Adapter 2, set up “NAT”.

Installing and running the InsecureBankv2 application — via APK file

Once the AVD is set up and running in Genymotion, we can proceed to install InsecureBankv2 on it.

  1. Download the latest version of InsecureBankv2 from GitHub using the below mentioned command on the terminal.
  2. Using the adb utility in the Android SDK platform-tools folder, the InsecureBankv2.apk file from the downloaded project can be installed on to the emulator.

adb install InsecureBankv2.apk

3. You can now launch the InsecureBankv2 application from the Android app

4. In the Android emulator, click the menu button and select the Preferences menu.

5. Configure the Android emulator to point to the IP address and port number of the machine on which the AndroLab server is running. Click Submit to continue.

6. Clicking “Create User” redirects the user to the user creation module.
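A pre-flight check to run on the host before filling in the Preferences screen, added here as an example (it is not part of the original article or the InsecureBankv2 project). It finds the host address to enter in the app, confirms that something answers on port 8888 at that address rather than only on localhost, and lists the emulators adb can see; the function names are hypothetical.

```python
import socket
import subprocess

ANDROLAB_PORT = 8888  # default port given in the article


def lan_ip():
    """Host address used for outbound traffic (UDP connect sends no packets)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # RFC 5737 documentation address
        return s.getsockname()[0]
    except OSError:
        return "127.0.0.1"  # no route available: fall back to loopback
    finally:
        s.close()


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def ready_devices(adb_output):
    """Serials from `adb devices` output whose state is exactly 'device'."""
    serials = []
    for line in adb_output.splitlines():
        parts = line.split()
        # Header and daemon messages never have 'device' as the 2nd of 2 fields.
        if len(parts) == 2 and parts[1] == "device":
            serials.append(parts[0])
    return serials


if __name__ == "__main__":
    ip = lan_ip()
    ok = port_open(ip, ANDROLAB_PORT)
    print(f"AndroLab server reachable at {ip}:{ANDROLAB_PORT}: {ok}")
    if not ok:
        print("Start it with 'python app.py' and check it is not bound to localhost only.")
    try:
        out = subprocess.run(["adb", "devices"], capture_output=True, text=True).stdout
    except FileNotFoundError:  # adb is not on PATH
        out = ""
    print("Emulators ready for 'adb install':", ready_devices(out) or "none")
    print(f"In the app's Preferences, enter server IP {ip} and port {ANDROLAB_PORT}.")
```

An emulator shown as `offline` or `unauthorized` is left out of the list on purpose, since `adb install` would fail against it.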

Reference: https://github.com/dineshshetty/Android-InsecureBankv2
