
Android Penetration Testing

Frida Server for SSL Pinning Bypass

Requirements:

  • Rooted Android phone
  • Python 3
  • pip (pip3)

Install the Frida tools and objection on your host:

pip3 install frida-tools
pip3 install objection

Download the frida-server release that matches the frida-tools version installed on the host and the CPU architecture of the device (the release file is named frida-server-<version>-android-<arch>.xz; a version mismatch between client and server is the most common reason the later steps fail). Extract it, rename the file to frida-server and push it to /data/local/tmp/ on the Android phone (for example with adb push).

Connect to the Android device with adb shell:

adb shell

Switch to root:

su

Check that you are root (the output should be root):

whoami

Make /data/local/tmp/frida-server executable:

chmod 755 /data/local/tmp/frida-server

Run the Frida server in the background:

/data/local/tmp/frida-server &

Warning

Do not close this terminal: exiting the adb shell kills the frida-server started from it.

Go back to the host terminal and list the running applications; note the package identifier of the application whose SSL pinning you want to bypass:

frida-ps -Ua

Now run objection against that application, passing its package identifier (redacted here) to -g:

objection -g c**********n explore -q

Now disable SSL pinning from the objection prompt:

android sslpinning disable

Set a proxy for the application with frida and objection (use the address and port your intercepting proxy listens on):

android proxy set 192.168.5.102 8081
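The frida-server setup and the objection steps above, as one script. This is an added example and not code from the original page or from the Frida or objection projects. It assumes adb, curl, xz, frida-tools and objection are on the host PATH, that the device is rooted and su is reachable from adb shell, and that upstream keeps the release file naming frida-server-<version>-android-<arch>.xz; the package name, proxy host and proxy port are placeholders passed on the command line. Unlike the foreground run above, the server is started with nohup so it survives the adb shell exiting.

```shell
#!/bin/sh
# Added example, not part of the original page: automate the steps above.
# 1. pick the frida-server build that matches the host's frida version and the
#    device's CPU ABI, 2. push and start it as root, 3. launch objection with the
#    pinning bypass and proxy already applied.
# Assumes adb, curl, xz, frida-tools and objection on PATH, a rooted device whose
# adb shell can reach `su`, and the upstream release file naming
# frida-server-<version>-android-<arch>.xz (assumption about the release layout).
# Package name, proxy host and port are placeholders given on the command line.
set -eu

# Map the device's ro.product.cpu.abi value to the arch suffix in frida-server file names.
frida_arch_for_abi() {
  case "$1" in
    arm64-v8a)           echo arm64 ;;
    armeabi-v7a|armeabi) echo arm ;;
    x86)                 echo x86 ;;
    x86_64)              echo x86_64 ;;
    *) echo "unsupported ABI: $1" >&2; return 1 ;;
  esac
}

# Release download URL for a given frida version ($1) and device ABI ($2).
frida_server_url() {
  arch="$(frida_arch_for_abi "$2")" || return 1
  echo "https://github.com/frida/frida/releases/download/$1/frida-server-$1-android-${arch}.xz"
}

# Push a matching frida-server to /data/local/tmp and start it detached, so the
# server survives the adb shell exiting (a plain foreground run dies with it).
start_frida_server() {
  version="$(frida --version)"
  abi="$(adb shell getprop ro.product.cpu.abi | tr -d '\r')"
  url="$(frida_server_url "$version" "$abi")"
  echo "Fetching $url"
  curl -fsSL "$url" | xz -d > frida-server
  adb push frida-server /data/local/tmp/frida-server
  adb shell "su -c 'chmod 755 /data/local/tmp/frida-server'"
  adb shell "su -c 'nohup /data/local/tmp/frida-server >/dev/null 2>&1 &'"
  sleep 2
  frida-ps -U >/dev/null   # fails loudly if the server is not reachable
}

# Start objection with the two commands from the page run before the prompt appears.
# $1 = package identifier, $2 = proxy host, $3 = proxy port.
run_objection() {
  objection -g "$1" explore -q \
    -s "android sslpinning disable" \
    -s "android proxy set $2 $3"
}

# usage: sh frida-setup.sh run <package.name> <proxy-host> <proxy-port>
if [ "${1:-}" = "run" ]; then
  start_frida_server
  run_objection "$2" "$3" "$4"
fi
```

Run it as `sh frida-setup.sh run com.example.app 192.168.5.102 8081`; without the `run` argument it only defines the functions, so it can be sourced and the URL helper reused on its own.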

MobSF Docker

Change the -v host path according to your system:

docker run \
-d \
-it \
-v /root/tools/mobSF:/root/.MobSF \
-h mobsf \
--name mobsf \
--restart always \
-e TZ=Asia/Jerusalem \
-p 50000:8000 \
opensecurity/mobile-security-framework-mobsf:latest

Tools

Tool      Description
APK Tool  A tool for reverse engineering Android APK files

How to Sign an APK After Compiling

Install apksigner

apt install -y apksigner

Create a keystore in the same folder as your compiled, modified APK:

keytool -genkey -v -keystore keystore.jks -keyalg RSA -keysize 2048 -validity 10000

Enter a password (you will need it to sign the APK) and any data you wish for the certificate information. At the end enter 'y' to create the certificate.

Now you should have two files: your.apk and keystore.jks. The only step left is to sign the APK with the new certificate:

apksigner sign --ks keystore.jks your.apk

When installing the APK you will be prompted with a warning about an unknown certificate; just hit Install. Because the new key is not the original developer's, an existing installation of the same app must be uninstalled first, otherwise Android rejects the install with a signature mismatch.
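The signing procedure above as a non-interactive script. This is an added example, not code from the original page or from the Android build tools. It assumes keytool (JDK), zipalign and apksigner (Android build-tools) and adb are on PATH; the key alias, distinguished name and output naming are placeholders chosen here. It adds the two checks a practitioner wants around the page's steps: zipalign before apksigner (apksigner requires the alignment to happen first, unlike jarsigner) and an apksigner verify of the result, and it removes any previous installation of the package before installing the re-signed build.

```shell
#!/bin/sh
# Added example, not from the original page: sign a rebuilt APK with a fresh
# self-signed key without interactive prompts, verify the signature, install it.
# Assumes keytool (JDK), zipalign, apksigner and adb on PATH. The alias, DN and
# output file naming are placeholders chosen for this example.
set -eu

KS=keystore.jks
ALIAS=pentest
DNAME="CN=pentest, O=lab, C=XX"

# Output file name: foo.apk -> foo-signed.apk, so the unsigned input is left untouched.
signed_apk_name() {
  base="${1%.apk}"
  echo "${base}-signed.apk"
}

# Create the keystore once; later runs reuse it so successive rebuilds carry the
# same signer and can be installed over each other as updates.
make_keystore() {
  [ -f "$KS" ] && return 0
  keytool -genkeypair -v -keystore "$KS" -storepass "$1" -keypass "$1" \
    -alias "$ALIAS" -dname "$DNAME" -keyalg RSA -keysize 2048 -validity 10000
}

# $1 = unsigned APK, $2 = keystore password. Prints the signed file name.
sign_apk() {
  in="$1"; pass="$2"; out="$(signed_apk_name "$in")"
  make_keystore "$pass"
  # apksigner must run after zipalign: aligning afterwards would invalidate the signature.
  zipalign -f -p 4 "$in" "$out"
  apksigner sign --ks "$KS" --ks-key-alias "$ALIAS" --ks-pass "pass:$pass" "$out"
  apksigner verify --print-certs "$out" >&2
  echo "$out"
}

# The new key does not match the original developer's signature, so an existing
# install of the same package must be removed first; otherwise Android rejects
# the install with INSTALL_FAILED_UPDATE_INCOMPATIBLE.
install_apk() {
  pkg="$1"; apk="$2"
  adb uninstall "$pkg" >/dev/null 2>&1 || true
  adb install "$apk"
}

# usage: sh sign-apk.sh sign your.apk <password> [package.name]
if [ "${1:-}" = "sign" ]; then
  out="$(sign_apk "$2" "$3")"
  if [ -n "${4:-}" ]; then
    install_apk "$4" "$out"
  fi
fi
```

Without the `sign` argument the script only defines its functions, so it can be sourced and `sign_apk` called from other scripts.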

Apps and Tools For Android

Android Application                      Description
CiLocks - Android LockScreen Bruteforce  Python script to brute force the Android lock screen
Network Analyzer                         Network analyzer
Packet Capture                           Packet capture / network traffic sniffer
Root Explorer                            File manager for root users (root required)
Material Terminal                        Terminal
