Nowadays mobile user’s area
unit increasing day by day, the protection threat is also increasing along with
the expansion of its users. These threats can disrupt the operation of the
smart phone, and transmit or modify user data. For these reasons, the
applications deployed there should ensure privacy and integrity of the info
they manage. Mobile security involves protecting personal and business
information continues and transmitted from good phones, tablets, laptops and
totally different mobile devices. Mobile security has become very important in
mobile computing as a result of the day these days increase inside the delicate
attack methods. So, now we will see how
to exploit and analyze the android application for vulnerability.
So first we have to setup an environment for android
application testing.
Requirements for android penetration testing:
·
Virtual Box
·
Santoku OS which come with preinstalled SDKs.
·
GenyMotion for creating Android Virtual Device (
AVD)
·
A vulnerable android app “InsecureBankv2”.
Let’s start…
So first download Santoku OS from here. Santoku OS is built especially for Mobile
penetration testing and forensic investigation. Santoku comes with
pre-installed SDKs and other utilities. There is a bunch of forensic tools also
like firmware flashing tools for multiple vendors, some other forensic scripts
for enumerating app details,
etc.
After downloading Santoku open Virtual Box and create a new virtual
machine for it.
Now select RAM for Santoku VM,
recommended is 786MB but I took 2GB, you can select according to your own need
and click NEXT.
In this section
select hard disk type as per your need or select VMDK (Virtual Machine Disk)
Here select the size of the
hard disk as you wish and then create VM.
Now for installing Santoku tou
our created VM right click on Santoku VM and go to settings Storage then select the empty
disk after click on disk icon just in front of optical drive in the attribute
section and then browse and select the downloaded santoku iso file and click
Okay.
Finally launch that VM and
after few seconds santoku boot menu will appear select “Install- start th
installer directly”
Now installation process will
begin, select your preferred language then click on continue after click on
Install now.
Select your preferred language for the keyboard.
Now
in this section name your VM and set a strong password for login access you can
also chose Login automatically but it’s not a good choice
Now santoku will start copying
files and installing. Now sit back and wait for few minutes after that it will
restart.
Here our Santoku is installed that means our first part
is completed.
Now you can
download Genymotion from here .
Basically, Genymotion is a
relatively fast Android emulator which comes with pre-configured Android with
OpenGL hardware acceleration suitable for application testing.
After installing Genymotion,
go to https://www.genymotion.com/account/create/ and create a free account there and verify
your email ID. Then come back to genymotion desktop software and login there
using newly created account credentials.
Now
to create an AVD click on ‘Add’ a new menu will appear where you can select
android devices according to device brands and version numbers.
Select the device according to
your need and click next. Then in this sections your review the configuration
of android mobile device and finally create virtual device.
Now the device will start download the data and deploy
the virtual android device.
Here you can see I created 2
virtual devices. Now select the devices and launch it.
Here is our Android Virtual Device.
To test our application for
any kind of vulnerability we need Android SDK because in our testing phase we
will be going to use ADB (Android Debugger Bridge) command line almost every
time. And Android SDK is preinstalled in
Santoku OS. So, now we are going to connect santoku to our Android Virtual
Device.
Fists check the IP of Android
Virtual Device.
Now open command line in Santoku
and type:
adb connect
You can check whether device
is connected or not by typing:
adb devices
So here we can see that list
is showing that 1 device connected.
And here you can also run
shell to enter in android mobile by typing:
adb shell
So here creating penetration
testing lab for android application is completed now stay tuned for next
article on actual android app penetration testing and hacking.
0 comments:
Post a Comment