How to Correctly setup Android Penetration Testing on a MacBook

Here’s my way of setting up for a Android Pentest on a MacBook M2 Pro

Required Software

Download Genymotion : https://www.genymotion.com/download/

Download ADB Platform Tools : https://dl.google.com/android/repository/platform-tools-latest-darwin.zip

Download Friida Server : https://github.com/frida/frida/releases/download/16.1.8/frida-server-16.1.8-android-arm64.xz

Before starting up, it is recommended to place the adb and friida server at the same folder since it will be easy to use.

Then Open your Terminal Start ADB

./adb devices

First get your machine IP from the burp suite, in my case in 192.168.8.102:8085

Connect the Phone

Add the Cert

openssl x509 -inform DER -in cacert.der -out cacert.pem

openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1

mv cacert.pem <hash>.0

Then, transfer the certificate to the SD card by using ‘adb’ command tools.

adb root

adb remount

adb push 9a5ba575.0 /sdcard/

adb shell

If it’s saying “mv: /system/etc/security/cacerts/9a5ba575.0: Read-only file system”

Follow Below Steps

adb root

mount -o rw,remount /

mv /sdcard/9a5ba575.0 /system/etc/security/cacerts

chmod 644 /system/etc/security/cacerts/9a5ba575.0

Finally Push the Friida Server

## adb push frida-server-15.2.2-android-x86 /data/local/tmp
## adb shell chmod 755 /data/local/tmp/frida-server-15.2.2-android-x86
## Start Server adb shell /data/local/tmp/frida-server-15.2.2-android-x86 &