Android Pentest Environment Setting Up

Automation Setup

BrutDroid - Android Studio Pentest Automator - https://github.com/Brut-Security/BrutDroid

Manual Setup

1. Setup Tutorial Video + Repo ( Using Magisk + Frida)

   Installing (AND ROOTING) Android Emulator [2024 UPDATE]

   Burp Suite and Frida on an Android Emulator [2024 UPDATE]

   https://gitlab.com/newbit/rootAVD

   https://github.com/newbit1/rootAVD

2. Step By Step

   • Rooting Emulator:

     • Step 1: Install rootAVD for Download Magisk

     • Step 2: Using rootAVD for installing Magisk on the Emulator

     • Step 3: Cold Boot for Patch System Image

     • Step 4: Finalize Root

   • Install Burp Suite Certificate:

     • Step 1: Install AlwaysTrustUserCerts → This is a Magisk module designed to make the system trust Burp Suite's certificate (PortSwigger CA)

     • Step 2: Run BurpSuite and install the BurpSuite certificate (PortSwigger CA) on your local machine with .crt extension

     • Step 3: Use ADB to push AlwaysTrustUserCerts.zip and PortSwigger CA from your local machine to /sdcard on the AVD

     • Step 4: On your AVD, go to Settings → Security → Encryption & credentials → Install a certificate → CA certificate, and select the PortSwigger CA from /sdcard

     • Step 5: Go to Magisk Application → Modules → Install from storage → Add AlwaysTrustUserCerts.zip from /sdcard and Reboot AVD

     • Step 6: On your AVD, go to Settings → Security → Encryption & credentials → Trusted credentials → SYSTEM, and check that the PortSwigger CA is installed

   • Install Frida: https://frida.re/docs

     • Note: Make sure to use the same version of Frida Server and Frida Client.

     • Install Frida Client:

       • Install using pip: pip install frida-tools

       • Verify installation using: frida --version

     • Install Frida Server: https://github.com/frida/frida

       • Step 1: Check your device's CPU type: adb shell getprop ro.product.cpu.abilist

       • Step 2: Go to the Release Page on Github: https://github.com/frida/frida/releases/

       • Step 3: Install the Frida Server that matches the version of the Frida Client and the CPU architecture of the AVD

       • Step 4: Extract the .xz file using WinRAR or 7-Zip, then rename the extracted file to frida-server using the mv command

       • Step 5: Now, let’s get it running on your device:

         adb root # might be required
         adb push frida-server /data/local/tmp/
         adb shell "chmod 755 /data/local/tmp/frida-server"
         adb shell "/data/local/tmp/frida-server &" # Run as a background process
         # or running using
         adb shell
         su root
         cd "/data/local/tmp"
         ./frida-server # Run in the foreground (blocks the terminal). If Frida has an error, you can see it in the terminal

       • Step 6: Check if Frida is running by executing the following command

         frida-ps -U

Alternatively, you can use a different Technology Stack like:

• Genymotion + VirtualBox:

  • https://securiumsolutions.com/a-complete-beginner-guide-to-android-pent-testing-lab-set-up/

  • https://medium.com/bobble-engineering/setting-up-an-android-pentesting-environment-using-genymotion-c7aa4186e783

• LDPlayer:

  • https://hackmd.io/@janlele91/BJ20xGWFn

Other Blog Setup using Android Studio:

• https://viblo.asia/p/cai-dat-moi-truong-pentest-android-tren-windows-phan-1-aWj53jpwl6m

• https://viblo.asia/p/cai-dat-moi-truong-pentest-android-tren-windows-phan-2-1Je5EGo1ZnL

• https://viblo.asia/p/cai-dat-moi-truong-pentest-android-tren-windows-phan-3-Qbq5QDgXlD8

Series for Android Pentest:

• https://viblo.asia/s/pentest-android-QqKLvpwrl7z

• https://viblo.asia/p/reqable-mot-giai-phap-khac-de-bat-request-tren-app-mobile-5pPLkAan4RZ