How to Create a Mobile Pentesting Environment

September 28, 2016


Smartphone users are exposed to numerous threats when they use their phones. These threats can disrupt the operation of the smartphone and transmit or modify user information. For these reasons, the applications deployed on it must guarantee the privacy and integrity of the data they handle. Mobile security involves protecting both personal and business data stored on and transmitted from smartphones, tablets, laptops and other mobile devices. It has become increasingly necessary in mobile computing as attack strategies grow more sophisticated by the day. Nearly 85% of the smartphones in the world run Android, so securing Android devices has become a serious concern. The University of Cambridge concludes its findings by stating that “on average 87.7% of Android devices are exposed to a minimum of one of 11 identified vulnerabilities.” This shows that smartphones, like computers, are popular targets of attack.

Now we will look at how to find the vulnerability and exploit the Android application. We will use “InsecureBankv2” as our vulnerable Android app.

Before that, we have to create a mobile penetration testing environment for Android.

The first step in creating the pentesting environment is to download Santoku OS, which you can download from here.

Now open any virtualization software, such as VirtualBox or VMware. In this article, I am using Oracle VirtualBox, which is open source virtualization software.

Create a new virtual machine for Santoku.

Now go to Settings → Storage, select the Santoku ISO file you downloaded, click OK, and then launch the newly created VM.

A few seconds after launch, a boot menu will appear. Select “Install – start the installer directly” and then install Santoku OS.

Santoku OS is now installed, which completes the first step. Let's move on to the next step: installing Genymotion to create an AVD (Android Virtual Device).

You can download Genymotion from here.

Genymotion is a relatively fast Android emulator that comes with preconfigured Android and OpenGL hardware acceleration, which makes it suitable for application testing.

After installing Genymotion, go to https://www.genymotion.com/account/create/ and create a free account there. Then come back to the Genymotion desktop application and use your credentials to log in.

Next, we have to create an AVD. Click ‘Add’ and a menu will appear. Select an Android device by version number and device brand as needed, then click Next.

Review the configuration of the virtual Android device and create it.

I created two virtual devices here. Select a device and launch it.

This is our Android Virtual Device, where you can test applications.

Now we have to connect Santoku to our Android Virtual Device.

First, check the IP of the Android Virtual Device.

 

Open a command line in Santoku and type:

adb connect <IP of Android Virtual Device>

You can check whether the device is connected by typing:

adb devices

You can also open a shell on the Android device by typing:

adb shell

The list shows that 1 device is connected.

Our mobile pentesting environment is now ready.
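
The connection check from the steps above can be scripted, shown here as an added example that is not part of the original article: it parses `adb devices` output and accepts the AVD only when adb reports its state as `device`. The 192.168.56.x addresses, the sample output and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that the AVD is attached and usable before testing.

# Constructed sample of `adb devices` output (not from a real session).
SAMPLE_DEVICES=$(printf 'List of devices attached\n%s\tdevice\n%s\toffline\n' \
    192.168.56.101:5555 192.168.56.102:5555)

# adb connect defaults to port 5555, and adb devices lists "ip:port",
# so normalize the address before comparing.
serial_for() {
    case "$1" in
        *:*) printf '%s\n' "$1" ;;
        *)   printf '%s:5555\n' "$1" ;;
    esac
}

# Read `adb devices` text on stdin and print the state reported for
# serial $1, or "absent" if the serial is not listed.
device_state() {
    awk -v s="$1" '
        NR > 1 && $1 == s { print $2; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# Connect to the AVD at $1; succeed only if adb reports it as "device".
connect_and_verify() {
    serial=$(serial_for "$1")
    adb connect "$serial" >/dev/null 2>&1
    state=$(adb devices | device_state "$serial")
    case "$state" in
        device)       echo "$serial ready"; return 0 ;;
        offline)      echo "$serial offline: restart the AVD or run 'adb kill-server'" >&2 ;;
        unauthorized) echo "$serial unauthorized: accept the debugging prompt on the device" >&2 ;;
        *)            echo "$serial not listed: check the IP and the VM network settings" >&2 ;;
    esac
    return 1
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_DEVICES" | device_state "$(serial_for 192.168.56.101)"
```

On the Santoku VM, source the file and call `connect_and_verify <IP of Android Virtual Device>`.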

14 Comments
  1. Thanks for the info.
    I had just moved so everything is in boxes and my brain is full of one hundred things I need to accomplish before the snow comes. Of course, I have my workstation up and running with internet connection. Can’t wait to try your Mobile Pentesting.

    Thanks again. Steve

  2. Hi,
    Cheers for the tutorial, are there any similar emulators for iOS and WindowsPhone devices?

    Thanks.

  3. Seriously don't understand a bit of this write-up

  4. The information is good, but your writing is a bit difficult to follow at times.
