Open in app

Sign in

Write

Sign in

Beginner Guide For Android Testing

DAKSHITA Agarwal
3 min readFeb 6, 2023

--

Disclaimer: My work on medium.com is for education purpose only, not for any illegal activities.

Pre-requisites:

  • Java (Jdk)
  • Python

In this article, we will discuss some tools required for mobile security assessment and their setup on a local machine and emulator/device. This article will be helpful for beginners as well as mature pentesters. To begin with mobile security assessment, we all know that a rooted device is required. For this, we can use either physical device or an emulator. So in this blog, we will use Gennymotion as our emulator.

Just to avoid any kind of technical problem, use the latest version of Gennymotion.

Gennymotion-Android Virtual device/Emulator

For mobile security assessment, we can categorise tools based on the different techniques of security assessment such as static and dynamic. Below table shows the list of these tools.

List of tools

Firstly, we will cover some general tools mentioned in the above table and then we will discuss others tools in parts.

FRIDA

It is free dynamic instrumentation toolkit. With the help of this, we can run some scripts over a software which is signed by the owner i.e. proprietary. With frida we can inject some malicious script into the live process of an android application to exploit the publicly known vulnerability.

To install frida following commands are required:

pip install frida
pip install frida-tools

Install frida on local/virtual machine

Frida server

For this setup, I am using frida-server-12.10.4-android-x86.xz for virtual device, but if you are using a physical device the you need to install ARM version. Now unzip this file and perform following steps for installation:

You can use apk tool to install frida server or you do it my way :) → Drag and drop. In this way your files with be saved in sdcard/Downloads

  • Take the shell of emulator using adb tool and move the frida server file to data/local/tmp
mv frida-server-12.10.4-android-x86 data/local/tmp
  • Use below command to rename the file as frida-server
mv frida-server-12.10.4-android-x86 frida-server
  • Change permission of frida-server
chmod +x frida

Frida server directory

  • Use below command to run the frida server

Frida server is running

In case you face below error while running frida server then kill its process and then run it again. After launching frida server, you can view all the applications running in the emulator with their process id and package name.

Frida error

Re-launch frida server

View list of applications/processes running

Objection

Objection is a runtime exploitation toolkit, based on frida, which will help you to perform mobile security assessment.

Below commands are used to install and run objection

pip3 install objection objection -g <process_id>/<package_name> explore

install objection

--

--

DAKSHITA Agarwal
DAKSHITA Agarwal

Written by DAKSHITA Agarwal

0 Followers
2 Following

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams