Android pentesting Setup Environment
I created a small bash script to install and set up a pentesting environment in an Android emulator.
Tools set up by the script:
- Adb
- jadx
- apktool
- apkleaks
- Firebase Scanner
- drozer
- frida
- burp
- nuclei
Languages installed by the script:
- python3 python2
- pip3 pip2
- go
- java
Installation:
git clone https://github.com/xenion0/Android_install.git
cd Android_install
chmod +x setup.sh
./setup.sh
Requirements to run the script
1- Install Burp Suite
You then need to install Burp's CA certificate into the emulated device. Navigate to
Burp -> Proxy -> Options -> Export CA certificate -> Certificate in DER format. The DER certificate is passed as input to the script.
3- Install Genymotion
Script usage
After running the script
1- Burp
The certificate should now be installed as a system trusted CA certificate,
which you can confirm on the emulated device under
Settings -> Security & Location -> Encryption & Credentials -> Trusted Credentials
The last thing to do is to set up the WiFi settings on the emulated device. Navigate to WiFi -> Long press WiFi name -> Modify Network -> Advanced Options -> Change proxy None to Manual.
2- Drozer
Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS.
The Drozer Agent will be installed in the Genymotion emulator.
Run Drozer without opening the agent:
adb forward tcp:31415 tcp:31415
adb shell am startservice -n com.mwr.dz/.services.ServerService -c com.mwr.dz.START_EMBEDDED
drozer
3- Frida
Frida is a dynamic code instrumentation toolkit which lets you inject snippets of code into the running processes of an app in order to change its behavior.
When the script finishes, you will find frida-server in /data/local/tmp.
Run Frida:
adb shell "/data/local/tmp/frida-server &"
frida-ls-devices
frida-ps -U
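To confirm the three post-setup states described above (Burp CA in the system trust store, the drozer port forward, frida-server running), a check script like the following can be used. It is an added example, not part of Android_install; the function names and the --run flag are hypothetical, and it assumes the emulator image keeps system CAs in /system/etc/security/cacerts.

```shell
#!/usr/bin/env bash
# Added example (not part of Android_install): post-setup checks for the
# emulator. Function names and the --run flag are hypothetical.
# Assumption: system CAs live in /system/etc/security/cacerts on this image.

# Android names system CA files <subject_hash_old>.0; derive that name
# from the DER certificate exported from Burp ($1 = path to the file).
burp_ca_filename() {
    local h
    h=$(openssl x509 -inform DER -in "$1" -subject_hash_old -noout) || return 1
    printf '%s.0\n' "$h"
}

# stdin: `adb shell ls /system/etc/security/cacerts`; $1 = expected name.
has_system_ca() {
    awk -v f="$1" '{ sub(/\r$/, "") } $0 == f { ok = 1 } END { exit !ok }'
}

# stdin: `adb forward --list`, one "<serial> <local> <remote>" per line.
has_drozer_forward() {
    awk '$2 == "tcp:31415" && $3 == "tcp:31415" { ok = 1 } END { exit !ok }'
}

# stdin: `adb shell ps -A`; the process name is the last column.
has_frida_server() {
    awk '{ sub(/\r$/, "") } $NF ~ /(^|\/)frida-server$/ { ok = 1 }
         END { exit !ok }'
}

report() {  # $1 = label, $2 = exit status of the check
    if [ "$2" -eq 0 ]; then echo "[ok]   $1"; else echo "[fail] $1"; fi
}

run_checks() {  # $1 = path to the Burp DER certificate
    local name
    name=$(burp_ca_filename "$1") || { echo "cannot parse $1" >&2; return 2; }
    adb shell ls /system/etc/security/cacerts | has_system_ca "$name"
    report "Burp CA $name in system trust store" $?
    adb forward --list | has_drozer_forward
    report "drozer port 31415 forwarded" $?
    adb shell ps -A | has_frida_server
    report "frida-server running on device" $?
}

# Touch the device only when asked: ./check_env.sh --run cacert.der
if [ "${1:-}" = "--run" ]; then run_checks "${2:-}"; fi
```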
Future work
A future script will handle recon and some routine daily static analysis tasks for Android: recon and recon_profile.