Android Penetration Testing
In this course you will learn the basics of Android pentesting. Throughout the lectures you will see how to start analysing an Android application and work through different vulnerabilities in the vulnerable application DIVA (Damn Insecure and Vulnerable Application). Let's take a look at some important areas we are going to cover in the course:
1. We will reverse the application to get the source code.
2. We will analyse the application code and find the vulnerabilities.
3. We will understand the difference between unzipping and decompiling an APK.
4. We will capture the browser requests of our mobile device on the Kali VM and analyse the traffic.
5. The vulnerabilities we are going to cover are:
   i. Insecure Logging
   ii. Hardcoding Issues
   iii. Insecure Data Storage
   iv. Input Validation Issue
   v. Access Control Issue
At the end of the course we will have completed all 13 exercises of the DIVA application and learned the basics of Android penetration testing.
- 2. Preparing Kali Linux and Genymotion (Video lesson)
We will set up our machines on the host: Kali Linux in a VM and Genymotion for the mobile device. All of them should be on the same network, and we are going to set these machines up on a bridged network for ease.
- 3. Using adb (Android Debug Bridge) and Installing-Uninstalling an Application (Video lesson)
We will understand the use of adb for future practicals. Using adb, we will learn how to install and uninstall any Android APK.
- 4. Unzipping Android Application (Video lesson)
Now we will learn how to unzip an Android APK. Here we will learn the difference between unzipping and decompiling an APK file.
- 5. Decompiling Android Application (Video lesson)
After unzipping an APK file, we will see why decompiling (reversing) an Android APK is needed. We will learn three different methods of doing it, but only one of them is recommended, and we will cover that one in detail.
- 6. Dex File Analysis (Video lesson)
Analysing the dex file will come in handy throughout our future practicals.
- 7. Capturing Android Traffic (Video lesson)
Analysing Android traffic is not needed for any practical in DIVA, but I have added this for additional educational advantage, and it will surely be helpful in the future for application traffic analysis and bug bounty.