OK, so in this blog, I will show you how to build your own lab for Android pen-testing. We will also install all the necessary tools required for Android pen-testing.
1. Installing ADB.
ADB (Android Debug Bridge) is a command-line tool used for interacting with and managing Android devices or emulators. In simple term with the use of this tool we can easily do copy-paste, move, etc.
Before we start, open your Kali-linux machine and open the terminal and enter the following command. “sudo apt-get install adb”
Now, we gonna install genymotion where we can use the virtual android devices for our android pentesting. Go through this link https://www.genymotion.com/product-desktop/download/ and install on behalf of your compatible version and OS. And fill all the details and sing-up.
- When you complete the login process you have to see such type of dashboard
- Now, simply click on + and select the your emulator device where your perform android pen-testing.
- Now, click next and change the configuration on behalf of you. And wait for few minutes it will automatically setup.
- Start the device
- Now, if in your android device you don’t having play-store for downloading the application. You can visit this link and you can download it. https://opengapps.org/ simply download it and use drag and drop options to install this on your android device.
- Now for intercept the request of this device you should have to install Burp-suite
- So, you can visit this link and follow the all steps to install the burp-suite https://portswigger.net/burp/documentation/desktop/getting-started/download-and-install
- And when you complete install the burp-suite we have do some configuration in our emulator device and burp-suite for intercepting the http, https request.
- So let’s start.
- Now, open your burp and go to proxy setting and add a proxy port number and select all interface and click ok.
- Once you done with this settings in your burp
- Now, you make changes on your android emulator
- Go to WiFi options and make changes on manual proxy options
- Set the ip of your system into android emulator proxy and also mention port number which you have already put the port on your burp-suite same port you have to put on your android device.
- With these setting now you can intercept the HTTP request but not HTTPs
- So for intercepting HTTPs request you have to configure burp certificate on your android device.
- Open your burp go to the proxy setting and click on import/export CA certificate and after click on certificate in DER format and click on next and select the path of file where you want to export this certificate
- After this simple you have to drag and drop the file on your android device like you follow when you download the play-store.
- Now you have change the extension .DER to .cer and save it and open and give it any name that you want
- And finally you good to go for intercepting the HTTPs request.
