September 28, 2016
How to Create a Mobile Pentesting Environment
Smartphone users are exposed to numerous threats when they use their phones. These threats can disrupt the operation of the smartphone and transmit or modify user information. For these reasons, the applications deployed there must guarantee the privacy and integrity of the data they handle. Mobile security involves protecting both personal and business data stored on and transmitted from smartphones, tablets, laptops and other mobile devices. It has become more and more necessary in mobile computing because attack strategies grow more sophisticated by the day. Nearly 85% of the smartphones in the world run Android OS, so securing Android devices has become a serious concern. The University of Cambridge concludes its findings by stating that “on average 87.7% of Android devices are exposed to at least one of 11 identified vulnerabilities.” Smartphones, like computers, are therefore among the most popular targets of attacks.
Now we will look at how to find vulnerabilities in an Android application and exploit them. Here we will use “InsecureBankv2” as our vulnerable Android app.
Before that, we have to create an environment for mobile penetration testing for android.
Our first step in creating a pentesting environment is to download Santoku OS, which you can download from here.
Now open any virtualization software, such as VirtualBox or VMware. In this article, I am using VirtualBox, the open-source virtualization software by Oracle.
Create a new virtual machine for Santoku.
Now go to Settings → Storage, select the Santoku ISO file you downloaded and click OK. Then launch the newly created VM.
A few seconds after launch, a boot menu will appear. Select “Install – start the installer directly” and then install Santoku OS.
Santoku OS is now installed and the first step is complete. Let’s move on to the next step: installing Genymotion to create an AVD (Android Virtual Device).
You can download Genymotion from here. Genymotion is a relatively fast Android emulator that comes with pre-configured Android images and OpenGL hardware acceleration, which makes it suitable for application testing. After installing Genymotion, go to https://www.genymotion.com/account/create/ and create a free account there. Then come back to the Genymotion desktop application and use your credentials to log in.
Next we have to create an AVD. To do that, click ‘Add’. A menu will appear; select an Android device by version number and device brand as you need, then click Next.
Now review the configuration of the virtual Android device and create it.
Here I created 2 virtual devices. Now select a device and launch it.
This is our Android Virtual Device where you can test applications.
Now we have to connect Santoku to our Android Virtual Device. First, check the IP of the Android Virtual Device.
Open a command line in Santoku and type:

    adb connect <IP of Android Virtual Device>

You can check whether the device is connected by typing:

    adb devices

You can also open a shell on the Android device by typing:

    adb shell

We can see that the list shows 1 device connected.
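An added example, not part of the original article: a small shell helper that performs the connect-and-check step above and succeeds only when `adb devices` lists the AVD in the `device` state rather than `offline` or `unauthorized`. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Helper names are hypothetical.

# device_state SERIAL: reads `adb devices` output on stdin and prints the
# state column for SERIAL (device, offline, unauthorized, ...) or "absent".
device_state() {
    awk -v want="$1" '
        $1 == want { print $2; found = 1; exit }
        END { if (!found) print "absent" }
    '
}

# ensure_connected IP [PORT]: connect to the AVD (adb's default TCP port is
# 5555) and succeed only if adb lists it in the usable "device" state.
ensure_connected() {
    serial="$1:${2:-5555}"
    adb connect "$serial" >/dev/null 2>&1
    state=$(adb devices | device_state "$serial")
    case "$state" in
        device)       echo "$serial ready"; return 0 ;;
        unauthorized) echo "$serial: accept the debugging prompt on the device" >&2 ;;
        offline)      echo "$serial: listed but offline, restart the AVD" >&2 ;;
        *)            echo "$serial: not listed by adb devices" >&2 ;;
    esac
    return 1
}

# Constructed sample of `adb devices` output (addresses are made up).
SAMPLE=$(printf 'List of devices attached\n192.168.56.101:5555\tdevice\n192.168.56.102:5555\toffline\n')

# Demo on the sample; on a real host call: ensure_connected <IP of the AVD>
printf '%s\n' "$SAMPLE" | device_state 192.168.56.102:5555
```

Run `ensure_connected` before starting `adb shell` or installing the test app, so a stale or unauthorized connection is caught early.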
Our mobile pentesting environment is now ready.