Android Testing Cheatsheet
Android Testing Cheatsheet - Configuring tools and a mobile device for Android app testing and finding vulnerabilities. Updated on 4/20/2020
Extract APKs from device
adb shell pm list packages | grep [name]
adb shell pm path <package name>
adb pull /path/to/app/base.apk /path/to/desired/location
apktool d application.apk
Convert APK to JAR
Restore factory image (unroot) Pixel
sudo apt install -y adb fastboot
fastboot erase userdata
fastboot update image-*
Root Android Device (Pixel)
Note: Different Android devices and versions may require different rooting methods. The methods in the following YouTube link are specific to a Google Pixel! Search for how to root your own device model and follow those instructions.
https://www.youtube.com/watch?v=zNjsb_V8NBk (Check for links in video description!)
Install CA certificate on device
This section assumes that the device is already rooted.
If Burp: go to the Proxy, Options tab and click ‘Import/export CA certificate’. Click ‘Certificate in DER format’ and then click the ‘Next’ button. Save the file.
If ZAP: go to Tools, Options, Dynamic SSL Certificates and click the save button.
Convert the certificate:
openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
mv cacert.pem <hash>.0
Copy cert to device:
adb push 9a5ba575.0 /sdcard/
Remount file system r/w on physical device:
adb shell
su
mount -o rw,remount rootfs /
Remount file system r/w on Genymotion device:
adb shell
mv /sdcard/9a5ba575.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/9a5ba575.0
reboot
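As an added example (not part of the original cheatsheet), the "Convert the certificate" step can be wrapped in a shell function that names the output from the hash it computes instead of a hard-coded one. prep_ca_cert is a hypothetical helper name; it assumes openssl is on the PATH and also accepts an export that is already PEM.

```sh
#!/bin/sh
# Added example: build the <hash>.0 file used in the steps above.
# prep_ca_cert is a hypothetical helper name; it needs openssl on the PATH.
# Usage: prep_ca_cert <exported-cert> [output-dir]   (prints the file written)
prep_ca_cert() {
    src=$1
    outdir=${2:-.}
    [ -r "$src" ] || { echo "cannot read: $src" >&2; return 1; }
    [ -d "$outdir" ] || { echo "no such directory: $outdir" >&2; return 1; }

    tmp=$(mktemp) || return 1

    # Try DER first (the format exported above), then PEM, so an export
    # that is already PEM is not rejected.
    if ! openssl x509 -inform DER -in "$src" -out "$tmp" 2>/dev/null &&
       ! openssl x509 -inform PEM -in "$src" -out "$tmp" 2>/dev/null; then
        echo "not a DER or PEM X.509 certificate: $src" >&2
        rm -f "$tmp"
        return 1
    fi

    # -noout suppresses the certificate dump, so no "head -1" is needed.
    hash=$(openssl x509 -inform PEM -subject_hash_old -noout -in "$tmp") || {
        rm -f "$tmp"; return 1; }

    # Refuse to build a file name from anything but 8 hex digits.
    if ! printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{8}$'; then
        echo "unexpected hash output: $hash" >&2
        rm -f "$tmp"
        return 1
    fi

    dest=$outdir/$hash.0
    mv "$tmp" "$dest" || return 1
    chmod 644 "$dest" || return 1
    printf '%s\n' "$dest"
}
```

The printed file is the one to push to /sdcard/ and move into /system/etc/security/cacerts/ as in the steps above.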
Install adb and fastboot
sudo apt install -y adb fastboot
Install Drozer on a workstation (Debian/Ubuntu/Kali)
- Install prerequisites
- Install Oracle Java 1.6
- Download. Requires Oracle login which is free.
- Extract bin file and move to /usr/lib/jvm/java-6-oracle.
- Set JAVA_HOME in .bashrc:
- Download and install drozer deb.
- Drozer agent
- Download drozer agent apk.
- Install Drozer on mobile device:
adb install drozer-agent-2.3.4.apk
- Port forward:
adb forward tcp:31415 tcp:31415
- Connect to a physical device:
drozer console connect --server <server IP (mobile device)>
- List modules:
- Find out more information on the app:
run app.package.info -a (application)
- Drozer guide
Other mobile analysis tools
Install and run tcpdump
First, obtain a tcpdump binary compiled for the ARM architecture. You can find it at this link: https://www.androidtcpdump.com/android-tcpdump/downloads
Install tcpdump on the rooted device:
adb shell
su
mount -o rw,remount rootfs /
adb push ./tcpdump /system/xbin/tcpdump
Run tcpdump and select an interface:
Start the capture, saving to sdcard:
tcpdump -vv -i any -s 0 -w /sdcard/dump.pcap
Retrieve the capture from the device:
adb pull /sdcard/dump.pcap .
The MASVS establishes baseline security requirements for mobile apps that are useful in many scenarios, including:
- In the SDLC - to establish security requirements to be followed by solution architects and developers;
- In mobile app penetration tests - to ensure completeness and consistency in mobile app penetration tests;
- In procurement - as a measuring stick for mobile app security, e.g. in form of questionnaire for vendors;
The MASVS is a sister project of the OWASP Mobile Security Testing Guide.