there's some scripts i used for mobile pentesting in /scripts
dont use Drozer !!
- Frida :
pip install frida-toolspip instal frida - apktools and JADX-GUI : https://github.com/skylot/jadx https://github.com/iBotPeaches/Apktool
first before cloning this repo u must know that frida is dynamic instrumentation toolkit, it allows you to trace, modify, play with processes in native apps , by injection some javascript into your native application using python.
for our case we gonna use it for native android app 'i couldn't afford an apple device for ios :( '
you gotta root you device before using frida !!!!
-
and then you gotta install frida server on you device (if u have some extra ram use genymotion ;) )
-
note that u gotta download the right frida server that fits your device's archi (arm64 or x86 ...)
-
from terminal
adb push path/to/frida_server /data/local/tmpadb shell "chmod 755 /data/local/tmp/frida_server"adb shell /data/local/tmp/frida_server &---> frida will be running on the background make sure to kill it after u finish being a hacker .
-
frida_ssl_pinning_bypass.jsbypassing ssl pinning of applications like orange android app , so u can intercept it using burp how to launch it :frida -U -l frida_ssl_pinning_bypass.js -f name.of.package --no-pause -
pinning.jssame as the previous script but using a http proxy without burp "from command line" -
Imprementation_overriding_using_frida.pymodify the output of a methode "u must know the specific method that u want to change from reversing the apk " -
change_str_in_apk.pychange string in the reversed java -
bruteForcing_astatic_methode.pybruteforcing an input of a non static methode
all of this is by using jadx-gui
- check
android_manifest.xmlif it contains some permissions to SD card or local storage ar any other services permissions - check layouts like
main_activity.xmlfor hidden or hard coded strings or mayberesources.arsc/res/values/*.xml
!!!! important dont waste time just look forsecret , key , password , encrypted - then open the java
main_activity.javafirst thing to check is oncreate methode and all the other methos and classes called inside it - check any kind of encryption methods and understand them