Created
September 28, 2016 01:31
DerbyCon 2016 presentation - Breaking Android Apps for Fun and Profit
What I'm talking about
• Intro
• Mobile Top 10
• Set up a test Gmail account
• Connect it to Facebook, Twitter, LinkedIn if you can.
Local test environment
• Genymotion
○ Requires VirtualBox
○ Turn off Azure
• Burp Config
○ Set up the 8090 proxy listener
• Network Config
○ Trust the certificate
○ Set up the proxy in the network settings
• Viewing network traffic
○ Filtering in Burp
○ Ins and outs of API calls
○ Sometimes Burp doesn't show them!
○ Try ZAP, Fiddler
• Testing the services
○ SoapUI
• Dev setup
○ Android Studio
○ ADB
• Log in with ADB
○ adb devices
○ Already connected if virtual
○ adb shell
○ This is basically a shell
• File system
○ It's just a Linux box
○ You probably know where more interesting things are in here than me, frankly
• Where things are
○ In /data/data you'll find all the apps
○ That's a good place to start
• Downloading stuff
○ You can copy it to the host
○ adb pull
○ Get a copy before and after logging into app
• Get the APK
○ That APK downloader I found
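
The before/after comparison from "Downloading stuff", as an added example that is not part of the original presentation notes: it hashes two local copies of an app's data directory and reports which files the login created or changed. It assumes both copies were already pulled to the host with adb pull; the folder and file names in the demo are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # skip symlinks that may dangle on the host
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff_snapshots(before_dir, after_dir):
    """Return files added, removed and changed between two pulled copies."""
    before, after = snapshot(before_dir), snapshot(after_dir)
    common = before.keys() & after.keys()
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: two small trees standing in for adb pull output."""
    with tempfile.TemporaryDirectory() as tmp:
        before, after = os.path.join(tmp, "before"), os.path.join(tmp, "after")
        _write(before, "shared_prefs/settings.xml", b"<map></map>")
        _write(before, "cache/splash.png", b"\x89PNG")
        _write(after, "shared_prefs/settings.xml", b"<map><string name='user'>test</string></map>")
        _write(after, "cache/splash.png", b"\x89PNG")
        _write(after, "databases/session.db", b"constructed")
        return diff_snapshots(before, after)

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8} {p}")
```

Files that appear or change only after login (preferences, databases, cached responses) are the first ones to open and read for credentials or tokens stored in the clear.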
PC Test environment
• Using QARK to scan
○ Linux only
• Using Virtuous Ten for code analysis
○ How to get a project installed.
○ It's just a ZIP file
○ You can just open it up
○ Manifest is a GREAT place to look
• What I test for (spreadsheet)
Device test environment (airdroid)
• Rooting
○ You can look this up
○ But there are root ROMs for most phones
○ Fastboot is a key command
• Other than that, all the same stuff applies
○ Run the app
○ Get the data files
○ Watch the network traffic
○ Get the APK
○ Decompile it
• Device specific stuff
○ Bluetooth
○ Camera
○ GPS
○ All better on the metal
• There are some nice tools
○ Local Proxy
○ File Manager
○ Nethunter
○ APK extractor
• Speaking of tools
○ I'm writing a tool to check for vulnerable libraries
○ Like retire.js, which I love a bunch
○ Feel free to help out
○ It's on GitHub
• That's about it