In our Previous post we had learnt about android platform and it’s security architecture, if you have not read our Previous Post, i would suggest you to read Part1 first.
Today we are going to Learn about “ Setting up the environment for Penetration Testing ”.
Tools Required and its purpose:
GenyMotion & VirtualBox: Genymotion is used for creating Custom devices which will run on VirtualBox, Not mandatory to have if you already have a Physical device.
BurpSuite: This Proxy tool is used to Intercept the the android traffic.
Appie(Android Pentesting Portable Integrated Environment): This tool is used because it has multiple tools inside it which is used in android penetration Testing like adb, sqlite, wireshark, apktool, drozer, androbugs and many more. click here to download
After Downloading all the Above Listed Tools you need to Set up genymotion first. Open up genymotion and navigate to Setting and ADB page, and provide the location of the sdk located inside appie folder as shown in the below screenshot.
Now to create the Device, click on the + button shown in the above screenshot and List of Virtual Devices will be shown, Select any device and click Next and Install as shown in the below screenshot.
After the Installation is completed, you will get a device installed Notification, now Go ahead and launch the device by clicking on start.
Note: You can Skip the Above steps if you are using the Physical android device.
Once the device is launched, we need to setup proxy in device and Burpsuite so that we can intercept the traffic.
To set the Proxy in Virtual Device follow the below Steps:
Step 1: Open the wifi setting in the virtual Device.
Step 2: Press & hold on Connected wifi.
Step 3: Select Modify network Option.
Step 4: Select Proxy’s Manual option from drop down menu.
Step 5: Check your machine’s IP and the same in Proxy hostname and set any Port as Proxy Port.
Step 6: Click on Save.
My machine’s IP is 192.168.254.19 so setting up the same in AndroidWifi Setting as shown in the screenshot below.
To Setup Proxy Setting in BurpSuite follow the below steps:
Step 1: Launch Burpsuite and Navigate to Proxy Tab.
Step 2: Select Options ,click on Add and set the same port number and IP that you have set in Virtual device.
Step 3: Click on save.
You can follow the below Image counters for your reference.
Now Open the Virtual Device and launch the browser , enter http://burp and hit enter, download the Certificate and save it with .cer extension and install the certificate.
Open Up burp and follow the counters shown below in an image to export the certificate.
push the certificate inside the system using below command using appie. You can launch Appie from Installed path. Default installation path is: C:\Appie\Appie.exe
Now go ahead and install the certificate and Turn On the Proxy on Burpsuite and you will be ready to intercept request of android device.
Thank you!! Please leave your Feedback in the comment section below regardless it is bad or good, Helps me improve myself.