Hello learners, in our previous guide, we learnt how we can set up a penetration testing lab on our computer using open source and free tools. In this guide, I will be showing you how to set up an android pentesting lab using freely available tools.
Creating an android pentesting lab is a significant starting step to learning about mobile security. This guide's goal is to give users the key components they need to set up an android pentesting lab and begin studying how to analyze mobile applications for known vulnerabilities before they cause harm to the users.
- An active internet connection.
- Android Studio.
- Android Platform -Tools.
- Damn Vulnerable Banking Application.
- Frida client.
- ADB Drivers(for Windows users).
Installing android studio
To install android studio on the system we first need to download the zip containing the installation files from the android studio website and extract them to our desired folder. After extraction is complete, we can navigate into the “android-studio/bin” folder where we give studio.sh file the required permission for it to run using the command.
chmod +x studio.sh
We can then run android studio using the command.
When running the android studio for the first time, a fast internet connection is required since the android studio has to install the required files and tools.
Setting up an emulator
After we are through with the android studio installation, the next step is to install the emulator from which we will be running our applications in the android penetration lab. We create a new project and choose the “no activity” template to start with as shown in the image below.
The next step is to provide the name and other minor details for the project we created as shown in the image below.
In the next step, we need to install an android operating system in the emulator. It is from the android operating system running on the emulator where we will have the android pentesting lab. To install an android operating system we launch the AVD Manager on the tab shown in the image below.
When running the android studio for the first time, there will be no devices on the Device Manager tab. To create a new device we click “Create device”. In the next screen, we have to choose the kind of device to use for the android pentesting lab as shown in the image below.
In the next step, we have to select the version of the android system to use in the android pentesting lab. In our case, we will be using android version 12 as shown in the image below.
We click next and provide the name we want to call the virtual device we will be using for the android pentesting lab, click on “Finish” and wait for the virtual device files to download. Having a fast and stable internet is recommended for this step since the android OS is large. We can sit back and wait for the installation to complete. Once the downloading completes, we can use the “play” button to start the virtual device for the android pentesting lab as shown in the image below.
Installing an app in the android pentesting lab
The virtual device is now ready to start pentesting. Our next step will be to install the app we want to perform penetration testing on. We will use the ADB to install the target application on our android penetration testing lab. First, we check if our virtual device is online by running the below command.
There are two ways we can use to install apps on our android pentesting lab. First, we can download the target application from the play store or install the application using a local file. To install, we run the below command.
After the installation is complete we can be able to view and access the installed app on our android pentesting lab as shown in the image below.
Installing android pentesting tools in our labs
Once we have our android pentesting lab running and the target app in the lab, we need also to install penetration testing tools for android.
Frida tools installation
Frida is a framework for dynamic testing used by reverse engineers and security researchers. Using Frida in your android pentesting lab, you can analyze private application code, spy on cryptographic APIs, and hook any function by injecting your custom scripts into application processes.
Moreover, it allows you to modify the injection script and examine the effects immediately. You are able to circumvent root detection, certificate pinning, memory dumps, etc. with the help of Frida.
To install Frida, we download the Frida server tools from Frida’s release repository but you should ensure you download the one with a similar architecture as your android pentesting lab virtual device. To check the architecture you can use the command.
adb shell getprop ro.product.cpu.abi
Once downloaded, we extract the zipped file and push the files to the virtual device using the command.
adb push/Desktop/frida-core-devkit-16.0.7-android-arm64 /data/local/tmp/frida-server
We then modify the permissions of the Frida-server to allow it to run using the command.
adb shell “chmod 755 /data/local/tmp/frida-server”
And we finally allow root access, navigate to the folder and finally run the server.
The next step is to install the Frida client which matches the server version that is running on our android pentesting lab. To install this we run the command.
pip3 install frida==” corresponding server version”
pip3 install frida-tools
which is a set of command line tools that we can use to interact with the AVD for functions such as showing and killing the running processes.
We can use the ADB shell to provide root access to tmp directory and run the server using the below commands.
$ adb shell [emulator]$ su [emulator]$ cd /data/local/tmp [emulator]$ ./frida-server &
Hooking the DamnVulnerableBank
We can now hook the application we installed earlier on the android pentesting lab to Frida using the command.
frida -U DamnVulnerableBank
Once hooked, we can now start the pentesting. Objection is a tool with pre-built scripts which are useful when performing penetration testing.
installing objection is as easy as installing a python package. To run the installation we just need to run.
pip install objection
After installation is complete we can be able to start analyzing our target application running on our android pentesting lab directly from the command line. Using objection you can be able to view useful information related to the target application such as the environment of the app.
In the above guide, we have used freely available tools to set up an android pentesting lab that can be used to test the security of android applications. Within this lab, you can be able to perform penetration tests on your Android application without the fear of going against the law. The android pentest lab is also recommended when analyzing malicious applications since it minimizes the risk while running these applications.