00. Prepare For Penetration Testing

Galilei
Mobile Penetration Testing
4 min read · Mar 17, 2019

Everything starts with an introduction phase. I am not going to focus on this part much, but I'll give you an introduction to the Android architecture and the applications that we'll need to test applications for vulnerabilities.

Android Architecture

System Apps: Applications that we use daily, like Messages.

Java API Framework: The APIs that programmers use for development in Java and Kotlin.

Android Runtime: Translates Dalvik (Android JVM) bytecode into native instructions.

Native C/C++ Libraries: These libraries are mostly used in the implementation of Android itself and have little to do with application developers, except NDK developers.

HAL: Provides a high-level API for hardware management.

Android SDK and Tools

Everyone who wants to build an application needs the Android Software Development Kit (SDK). You can download the Android SDK alone or with Android Studio. I prefer installing both by downloading Android Studio. The following tools will be useful, and you must add them to the operating system path. After adding these locations to your path, test to ensure they are working properly.

adb       - Android SDK Path/platform-tools/adb
aapt      - Android SDK Path/build-tools/<VERSION>/aapt
aapt2     - Android SDK Path/build-tools/<VERSION>/aapt2
apksigner - Android SDK Path/build-tools/<VERSION>/apksigner
zipalign  - Android SDK Path/build-tools/<VERSION>/zipalign
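
One way to run that check, as an added example that is not part of the original post: the script takes your SDK root, picks the newest build-tools version, reports which of the five tools are present and executable, and prints the PATH line to add. It assumes a Linux/macOS SDK layout, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Linux/macOS SDK laid out
# as <sdk>/platform-tools and <sdk>/build-tools/<VERSION>; function names are made up.

# Print the newest build-tools version under the SDK root (numeric, not lexical, sort).
latest_build_tools() {
    [ -d "$1/build-tools" ] || return 1
    ls -1 "$1/build-tools" | sort -t. -k1,1n -k2,2n -k3,3n | tail -n 1
}

# Print the directory that should contain a tool, following the list above.
tool_dir() {
    case $2 in
        adb) printf '%s\n' "$1/platform-tools" ;;
        aapt|aapt2|apksigner|zipalign)
            ver=$(latest_build_tools "$1") || return 1
            [ -n "$ver" ] || return 1
            printf '%s\n' "$1/build-tools/$ver" ;;
        *) return 1 ;;
    esac
}

# Report each tool as ok or MISSING; the return status is the number missing.
check_sdk_tools() {
    missing=0
    for tool in adb aapt aapt2 apksigner zipalign; do
        dir=$(tool_dir "$1" "$tool") || dir=
        if [ -n "$dir" ] && [ -x "$dir/$tool" ]; then
            echo "ok      $tool -> $dir/$tool"
        else
            echo "MISSING $tool"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Print the line to add to your shell profile so both directories are on PATH.
path_line() {
    ver=$(latest_build_tools "$1") || return 1
    [ -n "$ver" ] || return 1
    printf 'export PATH="$PATH:%s/platform-tools:%s/build-tools/%s"\n' "$1" "$1" "$ver"
}

# Usage: sh check_sdk.sh /path/to/Android/Sdk
if [ "$#" -gt 0 ]; then
    check_sdk_tools "$1" || echo "$? tool(s) missing"
    path_line "$1"
fi
```

The numeric sort matters once several build-tools versions are installed side by side: a plain lexical sort would rank 9.0.0 above 30.0.2.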

Genymotion

If you don't have an Android device, you probably need an emulator. I prefer using Genymotion for Fun, but you can use other applications as well.

After downloading and installing Genymotion, please set the Android SDK location in Genymotion to your own, already installed Android SDK path. This will help you prevent lots of errors that you may otherwise face.

Genymotion SDK Config

If you want to analyze malware, use Android API level 22 or lower; the permission restrictions on those versions are looser, which gives you more freedom.

Additional Applications

In this part I show you the most commonly used Android penetration testing applications. As you may know, this list is not exhaustive, and you can find other software that suits your needs.

Drozer

Drozer is an application that can simulate a malicious application on Android. It can send the requests you need to other applications on demand.

Drozer has two parts:

  1. The first is an APK file that acts as an agent.
  2. The second is the console application that communicates with the agent.

After installation, you need to start the agent and forward its port using adb.

adb forward tcp:31415 tcp:31415

Drozer Final Run

JADX

Jadx is an application for reverse engineering Android APK files.

JADX-GUI — DIVA.APK

Objection (Frida based)

Objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device. To install Objection run the following command:

sudo pip3 install -U objection

To use Objection, you should run the x86 build of frida-server in the Genymotion virtual Android device, then run the objection application.

DIVA App in Objection

Damn Insecure and Vulnerable Application

Finally, we need an application as a target. There are lots of APK files for penetration testing on Android, but mostly we will use the DIVA application.

DIVA Application in Genymotion

Final words

I prepared a step-by-step list of Android penetration testing guides based on my own articles here. Check for new posts from time to time.

Feel free to add comments to help me improve my post. By the way, security belongs to everyone.
