Android Pentesting

ADB Commands
# install adb
sudo apt install adb
​
# connect to a device
adb connect <ip>:5555
​
# check the connected devices
adb devices
adb devices -l
​
# get shell on the android device
adb shell
​
# get the list of installed applications
adb shell pm list packages | grep <appName>
​
# get the path of the installed application
adb shell pm path com.app.name
​
# obtain apk from the installed location
adb pull /data/data/*/*/base.apk <appname.apk>
​
Wireless ADB
| REQUIREMENTS: Android 11
Android 11 and higher supports deploying and debugging your app wirelessly from your workstation using Android Debug Bridge (adb)
Connect the device and check for adb devices
Once the device is shown in the adb devices output, go to developers options and enable wireless debugging
In the shell adb tcpip 5555
adb connect <ip> of the mobile
Now the adb can be performed wirelessly
Tools Required
apktool
d2j-dex2jar
jd-gui
apkx
jdax
Nice Blogs
​https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1​
​https://serializethoughts.com/2016/08/18/bypassing-ssl-pinning-in-android-applications​
​https://github.com/vaib25vicky/awesome-mobile-security​
​https://mobexler.com/checklist.htm#android​
​https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x03-overview​
​https://l33t-en0ugh.gitbook.io/infosec/android-pentesting​
​https://manifestsecurity.com/appie/​
Labs
​https://www.linkedin.com/pulse/10-vulnerable-android-applications-beginners-learn-hacking-anugrah-sr/?trackingId=2B5LsMW8RDaNPvRPfZ1RAw%3D%3D​
Troubleshooting
Gennymotion: https://support.genymotion.com/hc/en-us/articles/4415611962897#:~:text=finish%20the%20update-,c.%20Solution%203,-Open%20VirtualBox​
Custom DNS - https://devilbox.readthedocs.io/en/latest/howto/dns/add-custom-dns-server-on-android.html​

Last modified 3mo ago