
Mobile Application Pentesting

Presented below is a carefully compiled checklist for conducting penetration testing on mobile applications. It is not an exhaustive inventory but instead an evolving one, with ongoing updates planned as I progress in this journey. This checklist can be an excellent initial reference for beginners.

APK Information Gathering

Extracting insights from APK files is crucial for understanding permissions, embedded secrets, and third-party libraries. This process forms the foundation for identifying security vulnerabilities in mobile applications.

| Process | Description | Tools that can be used |
|---|---|---|
| APK File Gathering | Obtain the application from an Android device or the Play Store. | adb, apkpure, devices |
| Check Application Ecosystem | Grasp the fundamental components of the application, including its underlying technology. | apktool, jadx-gui, yazhini |
| Installation (Device) | Install the APK on an actual device. | Physical Phones |
| Installation (Emulator) | Install the APK on emulators. | Genymotion, BlueStacks, Nox |
| Installation (Root) | Install the APK on a rooted device. | Actual Phones |

Reverse Engineering & Analysis

Reverse Engineering in mobile app testing involves dissecting the app's code and logic to uncover hidden features, assess vulnerabilities, and understand its internal workings, providing crucial insights for security analysts.

| Process | Description | Tools that can be used |
|---|---|---|
| APK Analysis | Analyze the APK package, inspecting its contents such as assets, resources, manifest files, and META-INF. | apktool, adb, dex2jar, JDGUI, IDA Pro |
| Static Analysis | Conduct static analysis to identify sensitive information, such as passwords or API keys. | MobSF, adb, apktool, dex2jar, JDGUI |
| Debug Checking | Check the android:debuggable attribute. | Any Editor |
| Android Manifest | Check the AndroidManifest.xml thoroughly. | Any Editor |
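The Debug Checking and Android Manifest rows can be automated against a decoded AndroidManifest.xml, such as the one apktool writes out. The block below is an added example, not code from the original checklist; the manifest is a constructed sample with deliberately weak settings, and `manifest_findings` is a hypothetical helper name.

```python
# Added example (not part of the original checklist): static checks over a decoded
# AndroidManifest.xml such as the one `apktool d app.apk` writes to the output dir.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def a(name):  # fully-qualified attribute name in the android: namespace
    return f"{{{ANDROID_NS}}}{name}"

# Constructed sample manifest with several weak settings for the checks to catch.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vulnapp">
  <application android:debuggable="true" android:allowBackup="true"
               android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <provider android:name=".DataProvider" android:exported="true"
              android:authorities="com.example.vulnapp.data"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.vulnapp.SYNC"/>
  </application>
</manifest>"""

def manifest_findings(xml_text):
    """Return a list of (severity, message) for risky manifest settings."""
    findings = []
    app = ET.fromstring(xml_text).find("application")
    if app is None:
        return findings
    for attr, msg in (("debuggable", "debuggable build shipped"),
                      ("allowBackup", "allowBackup explicitly enabled (adb backup can dump app data)"),
                      ("usesCleartextTraffic", "cleartext HTTP traffic permitted")):
        if app.get(a(attr)) == "true":
            findings.append(("high", msg))
    # Exported components are reachable by any app unless guarded by a permission;
    # the MAIN/LAUNCHER activity is expected to be exported, so it is skipped.
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        if comp.get(a("exported")) != "true" or comp.get(a("permission")):
            continue
        actions = {x.get(a("name")) for x in comp.iter("action")}
        if "android.intent.action.MAIN" in actions:
            continue
        findings.append(("medium", f"exported {comp.tag} without permission: {comp.get(a('name'))}"))
    return findings
```

Run it on the manifest apktool decoded from the target APK instead of the sample to get a first pass of the manifest checklist rows.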

Dynamic Analysis

Dynamically assessing a mobile app's behavior during runtime reveals vulnerabilities, how the app handles sensitive data, and any potential malicious activities. This approach complements static analysis for a comprehensive security evaluation.

| Process | Description | Tools that can be used |
|---|---|---|
| Applog | Review the application logs, examining entries related to processes from a particular application package. | pidcat, logcat |
| Root Detection | Examine the root detection mechanism and evaluate methods to bypass root detection. | Manual |
| Shared Preference | Check what the app persists in shared preferences. Example: upon initial login, the app requests the user's username and password; subsequent logins do not, because the app stores the login key in the shared preferences file login_account.xml. Notably, this key can be extracted from one app and used by another. | Manual |
| WebView Vulnerabilities | Examine WebView settings for potential vulnerabilities. | MobSF, Manual |
| Storage Issue | Inspect the data the app writes to external storage for security concerns. | Manual, sqlite |
| Secrets | Examine various locations for sensitive data such as keys and passwords. | Manual, grep |
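The Applog and Secrets rows can be worked as one added example (not code from the original page): a pidcat-style filter that keeps only `adb logcat -v threadtime` lines from the target package's processes, tracks process start and death so a reused pid is not misattributed, and flags credential-looking values both in the log and in a shared_prefs file. The package name, log lines and prefs file are constructed samples, and `package_log` and `find_secrets` are hypothetical helper names.

```python
# Added example (not part of the original checklist): pidcat-style filtering of
# `adb logcat -v threadtime` output to one package, flagging credential-looking
# values; the same matcher is reused on a shared_prefs file. All data is constructed.
import re

LOG_LINE = re.compile(r"^\S+ \S+\s+(?P<pid>\d+)\s+(?P<tid>\d+) (?P<level>[VDIWEF]) "
                      r"(?P<tag>[^:]+):\s?(?P<msg>.*)$")
START_PROC = re.compile(r"Start proc (?P<pid>\d+):(?P<pkg>[\w.]+)/")
PROC_DIED = re.compile(r"Process (?P<pkg>[\w.]+) \(pid (?P<pid>\d+)\) has died")
# key=value, key: value or XML key">value pairs that should never reach logs or prefs
SECRET = re.compile(r"""(?i)\b(password|passwd|token|api[_-]?key|secret|auth_key)["']?\s*[=:>]\s*["']?([^\s"'<]+)""")

SAMPLE_LOG = """\
03-14 10:22:01.100   612   800 I ActivityManager: Start proc 4321:com.example.vulnapp/u0a123 for activity com.example.vulnapp/.MainActivity
03-14 10:22:02.200  4321  4321 D LoginActivity: POST /login user=alice password=hunter2
03-14 10:22:02.300  2222  2222 D OtherApp: api_key=belongs-to-another-app
03-14 10:22:03.400  4321  4350 I OkHttp: --> GET https://api.example.com/profile
03-14 10:22:04.500   612   800 I ActivityManager: Process com.example.vulnapp (pid 4321) has died: fg TOP
03-14 10:22:05.600  4321  4321 D Recycled: pid reused by another process token=not-ours
""".splitlines()

SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="auth_key">9f8e7d6c5b4a</string>
</map>"""

def find_secrets(text):
    """Return (key, value) pairs that look like credentials in text."""
    return [(m.group(1).lower(), m.group(2)) for m in SECRET.finditer(text)]

def package_log(lines, package):
    """Keep lines from processes of `package`, tracking start and death so a
    reused pid is not misattributed. Returns [(level, tag, message, secrets)]."""
    pids, kept = set(), []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        if m["tag"].strip() == "ActivityManager":
            started = START_PROC.search(m["msg"])
            if started and started["pkg"] == package:
                pids.add(started["pid"])
            died = PROC_DIED.search(m["msg"])
            if died and died["pkg"] == package:
                pids.discard(died["pid"])
        elif m["pid"] in pids:
            kept.append((m["level"], m["tag"].strip(), m["msg"], find_secrets(m["msg"])))
    return kept
```

Feed `package_log` the lines of a real `adb logcat -v threadtime` capture and `find_secrets` the contents of files pulled from /data/data/<package>/shared_prefs/ on a rooted device or emulator.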
