Android Pentesting Lab Setup step by step. Part 1

7 months ago 51

Security Empire

We are setting up an Android Pentesting Lab. This is an essential step for anyone interested in exploring the realm of mobile security vulnerabilities.

First we need to install Genymotion on our system. Genymotion is a software tool that allows you to emulate Android devices on your computer.

1. Visit the Genymotion website to download the Genymotion software.

2. Download the Genymotion build for your operating system.

3. My operating system is Linux, so I will download the Linux version.

4. Now give the installer execute permission and install Genymotion:

chmod +x genymotion.bin
./genymotion.bin

5. After installing Genymotion, visit the Genymotion website to create an account.

6. Now log in to the Genymotion software.

7. After this, press Ctrl+N or click the + sign.

8. Now select an Android emulator image and install it.

9. I am selecting Custom Phone and Android 10 here.

10. After this you can customize the settings or go with the default settings.

11. After some time the Android emulator will be installed; open it by clicking the Start button.

12. Now install the Play Store and other supported apps: click the three-line button at the top of the sidebar and select "Install Open GApps" (the second entry from the bottom).

13. After completion it will ask you to restart the device.

2. Download adb

First we need to install the adb command on our system:

sudo apt update
sudo apt install adb

3. Install the Burp Suite certificate

1. First open Burp Suite on your Linux machine. After this, go to the Android device and turn on the screen lock (Android will not install a user certificate until a screen lock is set): Settings -> Security -> Screen lock.

2. After downloading the Burp Suite certificate "Cacert.cer", go to the Download folder and drag and drop it onto the Android emulator.

3. Then go to the Android file manager -> Recent folder, where you can see our Burp Suite certificate.

4. Tap the certificate twice and it opens a new window (the certificate installer).

After successfully installing the certificate in the Android emulator, go back to the Linux machine.

5. When everything is OK you can proceed to convert your certificate from .der to .pem format:

openssl x509 -inform der -in cacert.cer -out burp.pem

6. Now rename the certificate by typing this command:

mv burp.pem 9a5ba575.0

7. Now push the certificate into the Android emulator.

8. First of all we need to make /system writable, so type a few commands in the terminal:

adb shell
su
mount -o remount,rw /

Now exit from there.

Now push the certificate into the Android device:

adb push 9a5ba575.0 /system/etc/security/cacerts

Even though we already installed the certificate by drag and drop (which only adds it as a user certificate), we also installed it manually into the system store, so that apps which do not trust user certificates do not cause problems later while bypassing Android SSL.
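The convert, rename and push steps above as an added shell script (not the post's own code; file names such as burp.pem and sample.cer are assumptions). It derives the 9a5ba575-style file name from the certificate with -subject_hash_old instead of hard-coding it, and ships a constructed self-signed CA so it can be tried without a Burp export.

```shell
#!/bin/sh
# Turn a DER CA export (Burp's cacert.cer) into the <subject_hash_old>.0 PEM file that
# Android's system trust store expects, then push it to the rooted emulator with adb.
# Added example, not code from the original post; file and directory names are assumptions.
set -eu

# prepare_system_cert <cacert.cer> <out_dir>  -> prints the path of the generated <hash>.0
prepare_system_cert() {
    der="$1"; outdir="$2"
    mkdir -p "$outdir"
    pem="$outdir/burp.pem"
    openssl x509 -inform der -in "$der" -out "$pem"
    # Android names system CA files by OpenSSL's *old* subject hash (9a5ba575 for Burp's CA),
    # so compute it from the certificate instead of trusting a value copied from a tutorial.
    hash=$(openssl x509 -noout -subject_hash_old -in "$pem")
    mv "$pem" "$outdir/$hash.0"
    printf '%s\n' "$outdir/$hash.0"
}

# push_system_cert <hash.0>  -> remounts / read-write as root (as in the post) and pushes the file
push_system_cert() {
    cert="$1"
    adb shell "su -c 'mount -o remount,rw /'"
    adb push "$cert" /system/etc/security/cacerts/
    # System CA files must be world-readable or apps will silently ignore them.
    adb shell "su -c 'chmod 644 /system/etc/security/cacerts/$(basename "$cert")'"
    # Restart the target app (or reboot) so it re-reads the store, then confirm the CA under
    # Settings -> Security -> Trusted credentials -> System.
}

# make_sample_der <out.cer>: constructed self-signed CA standing in for a real Burp export
make_sample_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -days 1 \
        -subj "/CN=Sample Proxy CA" -outform DER -out "$1" 2>/dev/null
}
```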

4. Configure the Burp proxy

1. Go to the Burp Suite Proxy tab -> Proxy settings.

2. Uncheck the default listener and click Add to create a new proxy listener.

3. Under "Bind to address" choose "All interfaces" instead of only 127.0.0.1 (the emulator cannot reach a listener bound to loopback only).

4. Now go to the Android emulator and open the Wi-Fi settings.

5. Click the settings (pencil) button for the connected network and select Manual proxy.

6. In the manual proxy fields enter your laptop/PC's IP address (the one the emulator can reach, not 127.0.0.1) and the Burp listener port, then click Save.

7. Go to your Android browser and visit any HTTP site, then check whether your proxy is intercepting the request or not.

If Burp Suite intercepts the request then everything is fine.

Before bypassing Android SSL pinning, we need to set up Frida.

1. Download Frida:

sudo apt update
pip install frida-tools

2. Now check the Frida version:

frida --version

We checked the version because we have to download the Frida server matching that version.

As my version is 16.2.1, I will download the server for this version.

3. Now go to the Frida releases page on GitHub to download the Frida server.

4. Download the Frida server matching the architecture of your emulator (for Genymotion this is the x86/x86_64 of your PC) and the Frida version you just checked. In my case, I will download the x86_64 build of version 16.2.1.

5. Now extract the downloaded archive and give the file execute permission:

chmod 777 frida-server-16.2.1-android-x86_64

6. Then push it to the Android emulator:

adb push frida-server-16.2.1-android-x86_64 /data/local/tmp/frida

Do one more thing: go to the Download folder and run this command:

adb push cacert.cer /data/local/tmp/cert-der.crt

Basically we copy the certificate to /data/local/tmp because fridascript.js is written to read the certificate from that exact path.

7. Now download this fridascript.js file from GitHub.

8. Now open three terminal tabs in the Linux OS.

I. In the first terminal type:

adb shell
cd /data/local/tmp
./frida

If Frida does not run properly, it means that you have either not downloaded the correct bits of the Frida server or have not given it permission.
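An added helper script (not from the original post) for the version and architecture matching described above: it builds the frida-server asset name from the host frida-tools version and the emulator's ABI, fetches it from the Frida GitHub releases, pushes it to /data/local/tmp/frida and checks that the on-device version matches. The release URL layout and the use of adb getprop are assumptions about standard Frida and Android tooling, not something the post states.

```shell
#!/bin/sh
# Pick, fetch, push and verify a frida-server build that matches the host frida-tools
# version and the emulator's CPU ABI (the two mismatches the post warns about).
# Added example, not from the original post; assumes the standard Frida GitHub release layout.
set -eu

# Map the emulator's ABI (adb shell getprop ro.product.cpu.abi) to Frida's arch suffix.
frida_arch_for_abi() {
    case "$1" in
        x86_64)              echo x86_64 ;;
        x86)                 echo x86 ;;
        arm64-v8a)           echo arm64 ;;
        armeabi-v7a|armeabi) echo arm ;;
        *) echo "unsupported ABI: $1" >&2; return 1 ;;
    esac
}

# Asset name as published on the release page, e.g. frida-server-16.2.1-android-x86_64
frida_server_asset() {
    arch=$(frida_arch_for_abi "$2") || return 1
    echo "frida-server-$1-android-$arch"
}

frida_server_url() {
    asset=$(frida_server_asset "$1" "$2") || return 1
    echo "https://github.com/frida/frida/releases/download/$1/$asset.xz"
}

# Download the matching server, push it to /data/local/tmp/frida (the path used in the post)
# and fail loudly if the on-device binary reports a different version than the host tools.
deploy_frida_server() {
    ver=$(frida --version)
    abi=$(adb shell getprop ro.product.cpu.abi | tr -d '\r\n')
    asset=$(frida_server_asset "$ver" "$abi")
    curl -fsSL -o "$asset.xz" "$(frida_server_url "$ver" "$abi")"
    unxz -f "$asset.xz"
    adb push "$asset" /data/local/tmp/frida >/dev/null
    adb shell chmod 755 /data/local/tmp/frida      # execute bit is all that is needed; 777 is not
    dev=$(adb shell /data/local/tmp/frida --version | tr -d '\r\n')
    [ "$dev" = "$ver" ] || { echo "version mismatch: host $ver, device $dev" >&2; return 1; }
    echo "frida-server $ver ($abi) ready at /data/local/tmp/frida"
}
```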

II. Now go to the 2nd tab and type:

frida-ps -Uai

You will see a list of installed Android applications.

2. Now copy the package name of the Android application from here.

III. Now go to the 3rd tab and type this command:

sudo su

It is important that you have su permissions.

2. Now type this command in the 3rd terminal:

frida -U -f com.linkedin.android -l /home/kali/fridascript.js

Ok everything is fine now :)

Now you can do hunting on Android applications

Thank you :)
