Android Application Testing

server side:

/usr/bin/frida-server -l 192.168.1.4

client side:

frida-ps -H 192.168.1.4

Just tried with latest frida 12.1.0 and everything works fine.

Connect to Device/GenyMotion Virtual Device using ADB

Install ADB (Linux):

sudo apt-get install android-tools-adb

Windows:

<https://dl.google.com/android/repository/platform-tools-latest-windows.zip>

Retrieve the virtual device IP address. It is displayed on top of the virtual device window:

From another computer, open a command prompt and run:

adb connect <virtual_device_IP>:5555

Find and Pull APK File:

Determine the package name of the app, e.g. "com.example.someapp". Skip this step if you already know the package name.

adb shell pm list packages

Get the full path name of the APK file for the desired package.

adb shell pm path com.marshmallow.marshmallow.test

Output:

package:/data/app/..3WOc6TigEw-A==/com.package.test-sesdss4UbPA==/base.apk

Using the full path name from Step 2, pull the APK file from the Android device to the development box.

adb pull /data/app/com.example.someapp-2.apk path/to/desired/destination
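
The three steps above as one script, added here as an example (not part of the original page): it parses the `pm path` output and pulls every path returned, which also covers apps installed as split APKs, where `pm path` prints several `package:` lines. The function names, the sample output and the optional serial argument (passed to `adb -s`) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page.

# Read `pm path` output on stdin and print one on-device APK path per line.
# Drops the "package:" prefix and any carriage returns left by the adb shell.
parse_pm_path() {
    tr -d '\r' | sed -n 's/^package://p'
}

# pull_apks <package> <dest_dir> [serial]
# e.g. pull_apks com.example.someapp ./apks 7f1c864e
pull_apks() {
    pkg=$1; dest=$2; serial=${3:-}
    # `adb shell` hands its arguments to the device shell, so refuse anything
    # that is not a plain package name before it gets that far.
    case $pkg in
        ''|*[!A-Za-z0-9._]*)
            echo "invalid package name: $pkg" >&2
            return 1 ;;
    esac
    # Build the adb command line once; -s selects one of several devices.
    if [ -n "$serial" ]; then
        set -- adb -s "$serial"
    else
        set -- adb
    fi
    paths=$("$@" shell pm path "$pkg" | parse_pm_path)
    if [ -z "$paths" ]; then
        echo "no APK path returned for $pkg" >&2
        return 1
    fi
    mkdir -p "$dest"
    # One pull per path: base.apk plus any split_*.apk files.
    printf '%s\n' "$paths" | while IFS= read -r apk; do
        "$@" pull "$apk" "$dest/" </dev/null || exit 1
    done
}

# Constructed sample of `pm path` output for an app installed as split APKs.
sample_pm_path() {
    printf 'package:/data/app/com.example.someapp-1/base.apk\r\n'
    printf 'package:/data/app/com.example.someapp-1/split_config.x86.apk\r\n'
}
```
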

How to use ADB Shell when Multiple Devices are connected

$ adb devices
List of devices attached 
emulator-5554   device
7f1c864e    device

adb -s 7f1c864e shell

ADB Connect:

adb tcpip 5555
adb connect 192.168.0.101:5555

ADB Disconnecting:

Be sure to replace 192.168.0.101 with the IP address that is actually assigned to your device. Once you are done, you can disconnect from the adb tcp session by running:

adb disconnect 192.168.0.101:5555

To tell the ADB daemon to return to listening over USB:

adb usb

Testing with Frida:

Install Frida on Windows/Linux:

pip install frida
pip install frida-tools

Make sure GenyMotion is in Bridged mode and the proxy is set to the Windows/Linux testing machine IP and port.

Install Frida Server on Mobile Device:

frida-server-15.0.8-android-x86

OR (Android ARM for OnePlus X E1003 physical device):

Copy the Frida server file into the Android phone's tmp directory using the adb push command as shown in fig. Here I have used Genymotion as an Android emulator. After copying the file, change the permissions of the Frida server file.

adb push frida-server-downloaded /data/local/tmp/

Now go to ADB Shell and change permissions of Server file on the mobile device:

adb shell
cd /data/local/tmp
chmod 777 frida-server-downloaded

# Run the Frida Mobile Server
./frida-server-downloaded

unable to connect to remote frida-server

Server side:

/usr/bin/frida-server -l 192.168.1.4

Client side:

frida-ps -H 192.168.1.4

Run Frida on Your Machine and Check for packages:

frida-ps -Ua

OR 

frida-ps -U

To connect Frida on Remote device:

frida-ps -H 192.168.1.37

Using Frida Scripts:

frida --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -f com.testapp.app -U
%resume

or use No Pause in script like:

frida --no-pause --codeshare dzonerzy/fridantiroot -f YOUR_BINARY -U

Frida Local JS Unpinning Script:

On Device:

wget https://raw.githubusercontent.com/httptoolkit/frida-android-unpinning/main/frida-script.js
frida -l frida-script.js -f com.MyApp.android -H 192.168.1.3

Copy Pasting from Host to GenyMotion Emulator:

  • Long press the right click of your mouse until the paste sign appears

Errors Troubleshooting:

Android: adb: Permission Denied

D:\android-sdk-windows\platform-tools>adb shell test
test: permission denied

Restarts the adb daemon with root permissions:

$ adb root

Push Burp Cert to SD Card Downloads Folder:

adb push burp.cer /data/tmp

ADB Connect:

adb connect 192.168.1.37:5555

Check for Application Package Name:

adb shell pm list packages

adb shell pm list packages | grep MyAppName

Why can't I get root access from shell?

You might need to activate adb root from the developer settings menu. If you run adb root from the cmd line you can get:

root access is disabled by system setting - enable in settings -> development options

Once you activate the root option (ADB only or Apps and ADB) adb will restart and you will be able to use root from the cmd line.

Run Frida Server Manually on Android:

onyx:/data/tmp # chmod 777 frida-server
onyx:/data/tmp # ./frida-server -l 192.168.1.37

No module named frida

sudo pip3 install frida-tools
$ unlink /usr/local/bin/python
$ ln -s /usr/local/bin/python3.7 /usr/local/bin/python

Alternative

$ cd ~/
$ open -e .bash_profile

paste to the editor, to the top

 alias python='python3'

save, then run

$ source ~/.bash_profile

Get Minimum SDK from Android APK build

aapt dump badging Your.APK

package: name='com.yourapp' versionCode='1' versionName='1.0' compileSdkVersion='31' compileSdkVersionCodename='12'
sdkVersion:'21'
targetSdkVersion:'31'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_NETWORK_STATE'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: name='android.permission.VIBRATE'
uses-permission: name='android.permission.USE_BIOMETRIC'
uses-permission: name='android.permission.USE_FINGERPRINT'
...truncated for brevity

Decompile an Android Application with Dex2jar and Jd-GUI

Download Links:

dex2jar mirrors: gh (GitHub), sf (SourceForge), bb (Bitbucket), gc (Google Code), each with Wiki and Downloads links.

If bundled with Kali then you don't need to specify the file extension; just run with dex2jar.

d2j-dex2jar.sh you-apk.apk

If everything goes OK, then you’ll get a you-apk-dex2jar.jar file in the same folder.

Open the you-apk-dex2jar.jar file in the jd-GUI tool and you’ll see something like this.

GenyMotion Error with VirtualBox

/dev/vboxnetctl: no such file or directory

This worked for me (macOS Monterey). This reloads all VirtualBox's kernel extensions.

sudo kmutil load -b org.virtualbox.kext.VBoxUSB
sudo kmutil load -b org.virtualbox.kext.VBoxNetFlt
sudo kmutil load -b org.virtualbox.kext.VBoxNetAdp
sudo kmutil load -b org.virtualbox.kext.VBoxDrv

ADB : unable to connect to 192.168.1.10:5555

adb usb
adb tcpip 5555
adb connect 192.168.10.1:5555

Now open jd-GUI tool which you can download from http://java-decompiler.github.io/

Links:

  • Frida releases: https://github.com/frida/frida/releases/
  • frida-server 15.2.2 for Android ARM: https://github.com/frida/frida/releases/download/15.2.2/frida-server-15.2.2-android-arm.xz
  • dex2jar: https://github.com/pxb1988/dex2jar (Wiki, Releases)
  • dex2jar, old mirrors: https://sourceforge.net/p/dex2jar, https://bitbucket.org/pxb1988/dex2jar, https://code.google.com/p/dex2jar
  • Android Root Detection Bypass Using Frida | Redfox Security

Last updated 8 months ago