Home  ›  All Blogs  ›  amit  › 

Android Security Part 2: Android Pentesting Lab Setup

    amit
    5-April-2021

Android Pentesting Lab

Android Pentesting Lab Setup

Hello Guys, In our last blog, we discussed some basic fundamentals about Android applications and their architecture. If you have not read my previous blog on Understanding Android Basics, then you can read it here. This will be a multipart blog series in which we will demonstrate the best way of Setting up your lab and an overview of vulnerabilities in Android Applications. This blog will guide you in setting up your lab and some necessary tools you require for android penetration testing and also provide you a basic idea on Vulnerabilities in android applications to help you get some basic ideas.

TOOLS REQUIRED

  • Android Studio
  • Mobsf
  • Jadx
  • Apktool
  • Burpsuite Proxy
  • SqLiteBrowser
  • Frida

Make Sure you have installed all the tools to proceed next.

LAB SET-UP

  • Require a System with Minimum of 4gb Ram.
  • Genymotion Android Emulator OR Nox Player Emulator OR Android Studio Emulator.
  • And if you are not using the above method, then we will be needing a physical device for Dynamic Testing.

Device Setup

We’ll be using Android Studio Emulator In the Android Penetration testing Blog Series.

Android Studio Emulator

  • Download the Android Studio Download Android-Studio

  • Open the Android Studio and click On AVD

  • Error - Reload the Page

  • Create Virtual Device of Minimum of API LEVEL 26

    framework installation

    • We will first install Magisk Framework after this Xposed Framework.
    • For Installation Of Magisk framework In Android Studio Emulator Install Magisk
    • Follow all the steps that are given in the MagiskOnEmulator repo.
    • Once Magisk Installed Open Magisk Manager Application -> Modules. Install Riru Module.
      Error - Reload the Page
    • Install Riru-Edxposed Module and Reboot the Emulator.
      Xposed installation
    • You successfully installed Magisk And Xposed Framework.

Burp Suite Proxy Configuration

Device Configuration
  • In the Burpsuite, Click on the “Proxy” tab and then click on the “Option” tab. Click on Import/export CA certificate.

    Burpsuite-Configuration

  • Tap on Certificate in DER Format. Proceed next.

  • Save The file as extension .cer. Certificate successfully downloaded to selected Path on Your System.

  • Push the Certificate in the Emulator by simply Drag and Drop. and install the certificate.

  • Open Magisk and Install the Move Certificate module. This module moves all user certificates to system certificates.

    Move-Certificate

Proxy Listner Configuration
  • In the Burpsuite, Click on the “Proxy” tab and then click on the “Option” tab. Under the Proxy Listeners, click on the “Edit” button

  • Under the “Binding” tab, in the “Bind to port” text field enter a port number that is not currently in use. Then select the “All interfaces” radio button and click on the “OK” button

    Burp Configuration

  • Go to the “Wi-Fi networks” table, find your network and tap it to bring up the connection menu.

  • Tap “Connect”.If you have configured a password, enter it and continue.

  • Once you are connected hold down on the network button to bring up the context menu.

  • Tap on Modify Network .Ensure that the “Show advanced options” box is ticked.

  • Change the “Proxy settings” to “Manual” by tapping the button.

  • Then enter the IP of the computer running Burp into the “Proxy hostname”.Enter the port number configured in the “Proxy Listeners” section earlier, in this example “8080”.Tap “Save”.

Burp configuration

TOOL SETUP

We will now be setting up some tools for dynamic analysis. This blog lists down some of the tools helpful for testing Android Applications. We will setup few of the tools - Mobile-Security-Framework - MobSF - objection - Runtime Mobile Exploration

Mobile-Security-Framework - MobSF
  • MobSF is an automated, all-in-one mobile application pentesting framework that also supports Android APK files.
  • To install it you will need to download it on the Machine. The GitHub repository can be found here.
  • Installation
    # Prequesties
     Install the Requirements from -> (https://mobsf.github.io/docs/#/requirements)
    
    # Downloading and Installing the required packages
        git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
        cd Mobile-Security-Framework-MobSF
        ./setup.sh # For Linux and Mac
        setup.bat # For Windows

    # Running MobSF Server
        ./run.sh # For Linux and Mac
        run.bat # For Windows

Once server is running you could navigate to http://127.0.0.1:8000 to access the MobSF GUI. Now simply drag the APK you want to analyse into the upload area and MobSF will start its job.

##### Frida + Objection * Frida lets you inject snippets of JavaScript or your own library into native apps on Windows, macOS, GNU/Linux, iOS, Android, and QNX. * Objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak. * To install Frida and objection on Windows we will need run the below commands

    # Downloading and Installing the required packages
        pip3 install frida-tools
        pip3 install objection


    # Running Frida Client
        frida-ps -U     # to list the running application
        objection --gadget "<package name>" explore

We also need to install a Frida server on the Android device. To install the Frida server on the follow the below steps

 # Downloading and Installing the required packages
    Open Magisk Application and Install **Magisk-frida Module **. This Module Automatically run the frida-server       on boot
    Restart the Device

fRIDA SETUP

Vulnerability Analysis

Vulnerability analysis is typically the way toward searching for vulnerabilities in an application.Although this may be done manually, automated scanners are usually used to identify the main vulnerabilities. There Are Two Types Of Vulnerability Analysis * Static Analysis * Dynamic Analysis

  • Static Analysis: Static Analysis is the analysis of an Application, which is performed without actually executing programs,. During static analysis, the mobile app’s source code is reviewed to ensure appropriate implementation of security controls. Automatic scans catch the low-hanging fruit, . Static Analysis Includes Manual Code Review, Automated Source Code Analysis.

  • Dynamic Analysis: The main objective of dynamic analysis is finding security vulnerabilities in a program while it is running. Dynamic analysis is conducted both at the platform layer and against the backend services and APIs, where the mobile app’s request and response patterns can be analyzed.

Bird Eyeview of Vulnerabilities:

MINDMAP

About Payatu

Payatu is a Research Focused, CERT-In impaneled Cybersecurity Consulting company specializing in security assessments of IoT product ecosystem, Web application & Network with a proven track record of securing applications and infrastructure for customers across 20+ countries.


Get in touch with us. Click on the get started button below.

Get to know more about our process, methodology & team!

Close the overlay

I am looking for
Please click one!