Tools required for Android Penetration Testing and their installation
Android is a mobile platform built on the Linux kernel that has been widely used on a wide range of devices, primarily smartphones, for its entire history. Most businesses, from banks to telecom firms, have developed their own apps for Android. People rely heavily on their Android smartphones, so losing one could result in the loss of a significant amount of important data, such as passwords and emails. As a result, it is crucial to verify the security of applications that hold critical user data.
Tools Required:
- Android Debug Bridge (adb) — A versatile command-line tool that enables communication with a device.
- Genymotion — Genymotion Desktop is an Android emulator with all the sensors and capabilities needed to interact with a simulated Android environment.
- Burp Suite — Burp Suite is an integrated platform and graphical tool for performing security testing of web applications. From the initial mapping and analysis of an application's attack surface through the discovery and exploitation of security flaws, its various tools work together to support the whole testing process.
- Mobexler — Mobexler is a customized virtual machine designed to help in penetration testing of Android & iOS applications. It contains all the tools used to test applications, such as Android Studio, Burp Suite, Bytecode Viewer, Frida, JADX-GUI, JD-GUI, Logcat — Pidcat, MobSF, SUPER-Analyzer, Wireshark, Smali & baksmali, Radare2, Mara Framework, SIGN, TCPDUMP, Objection, Drozer, Ghidra, Cydia Impactor, Filezilla, Putty, Metasploit, Sqlmap, DB Browser for SQLite, frida-ios-dump, Nmap, swift-frida, Scrcpy, Runtime Mobile Security, Grapefruit: Runtime Application Instruments for iOS, and AndroBugs Framework.
How to install the required tools:
Setting up adb in Windows:
1. Download the Android SDK Platform Tools ZIP file for Windows.
2. Unzip the SDK Platform Tools to an easily accessible folder such as C:\platform tools
3. Open the Platform Tools folder and open cmd in that directory.
4. adb is now installed on Windows. To check, run: adb.exe devices
Examples of adb Commands:
- Print a list of connected devices: adb devices
- Kill the ADB server: adb kill-server
- Install an application: adb install <path_to_the_APK_file>
- Set up port forwarding: adb forward tcp:6100 tcp:7100
- Copy a file/directory from the device: adb pull <path_to_the_remote_object> <path_to_the_local_destination>
- Copy a file/directory to the device: adb push <path_to_the_local_object> <path_to_the_remote_destination>
- Initiate an ADB shell: adb shell
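A pre-flight check built on the adb devices command listed above, added here as an example and not part of the original article: it parses the command's output and reports which devices are ready for testing and why the others are not. The sample output, the serials and the helper names are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample of `adb devices` output (serials are made up).
SAMPLE = (
    "* daemon not running; starting now at tcp:5037\n"
    "* daemon started successfully\n"
    "List of devices attached\n"
    "192.168.56.101:5555\tdevice\n"
    "emulator-5554\toffline\n"
    "R58M12ABCDE\tunauthorized\n"
)

# What to do about the common non-ready states before testing.
HINTS = {
    "unauthorized": "accept the USB debugging prompt on the device",
    "offline": "device not responding; restart it or run adb kill-server",
}

def parse_adb_devices(output):
    """Return {serial: state} parsed from the text printed by `adb devices`."""
    devices = {}
    for line in output.splitlines():
        line = line.strip()
        # Skip blank lines, the header and adb daemon start-up notices.
        if not line or line.startswith(("List of devices", "*")):
            continue
        parts = line.split(None, 1)  # serial, then state (may contain spaces)
        if len(parts) == 2:
            devices[parts[0]] = parts[1]
    return devices

def ready_devices(devices):
    """Serials that adb reports as `device`, i.e. usable for install/shell."""
    return sorted(s for s, state in devices.items() if state == "device")

def problems(devices):
    """Map each non-ready serial to a short remediation hint."""
    return {s: HINTS.get(st, "state: " + st)
            for s, st in devices.items() if st != "device"}

if __name__ == "__main__":
    # Use the real adb when it is on PATH, otherwise the constructed sample.
    have_adb = shutil.which("adb") is not None
    text = (subprocess.run(["adb", "devices"], capture_output=True, text=True).stdout
            if have_adb else SAMPLE)
    found = parse_adb_devices(text)
    print("ready:", ready_devices(found))
    for serial, hint in problems(found).items():
        print("not ready:", serial, "-", hint)
```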
Installing Genymotion in Windows:
1. Download Genymotion for Windows.
2. Install Genymotion on Windows.
3. While installing, Genymotion will ask to install VirtualBox. Allow it to install VirtualBox.
4. Open the Genymotion application. Next, a virtual Android device needs to be installed in Genymotion. To install it, follow the steps:
Installing Burp Suite in Windows:
1. Download Burp Suite Community Edition.
2. Install Burp Suite Community Edition on your Windows machine.
3. Burp Suite is now installed on Windows and ready to use.
Installing Mobexler in Windows:
1. Download the Mobexler OVA file.
2. After downloading, unzip the file and run the mobexler.ova file.
3. Running the mobexler.ova file opens it in VirtualBox. Click the import option in VirtualBox.
4. After a successful import you will see a virtual device named Mobexler. Click the start button to start this virtual device.
5. After booting, Mobexler runs as a virtual machine. To log in, type the password 12345.
6. Mobexler OS will then boot successfully, with all mobile penetration testing tools pre-installed.
To configure Mobexler with Genymotion — Click Here