Android application analyzer

Android Application Analyzer is a GUI for static analysis during Android application penetration testing, with single-click support for jd-gui, apktool, MobSF, Frida script hooks and Android logcat.

  1. Android Application Analyzer - Sanjay Gondaliya
  2. Agenda
     - Android Application Penetration Testing
     - Static Analysis
     - Dynamic Analysis
     - Common tools used
     - Demo
     - Android Application Analyzer
  3. #Whoami
     - 8+ Years of experience in Information Technology
     - Sr. Security Consultant @NotSoSecure
     - Website: sanjaygondaliya.com
  4. Android Application Penetration Testing
     - Static Analysis
       - Android Manifest Analysis
       - Exported Component
       - Debuggable, Backup Flag
       - Shared Preferences
       - SQLite Database
       - Sensitive information in logcat
       - Application Source Analysis
       - Source code obfuscation
       - Root Detection Check
       - SSL Pinning Implementation
       - Application Memory Dump
     - Dynamic Analysis
       - API Testing (OWASP Web Top 10)
  5. Common Tools Used
     - Application manifest and code analysis (MobSF)
     - Apktool (To reverse the APK file)
     - Sandbox content analysis (shared preference file, SQLite DB)
     - sqlite3, cat, grep command in "adb shell"
     - Sensitive information in logcat (adb logcat)
     - Source code obfuscation (dex2jar -> jd-gui)
     - Frida universal ssl unpinning (To bypass ssl pinning)
     - Fridump (Memory dump analysis)
  6. Static Analysis - To check for Source-code obfuscation
  7. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes
  8. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider)
  9. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To check Sensitive information in Logcat
  10. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To check Sensitive information in Logcat
  11. Shared Preference Analysis
  12. Sqlite Database Analysis
  13. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To check Sensitive information in Logcat - To bypass checks and carry on penetration testing
  14. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To Hook the code, To Bypass SSL Pinning and other client-side validation - To check Sensitive information in Logcat - To bypass checks and carry on penetration testing
  15. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To bypass checks and carry on penetration testing - To Hook the code, To Bypass SSL Pinning and other client-side validation - To bypass client-side check, To trace certain function: Decompile Using APK, Modify the source using Text Editor, Compile APK from Modified Source, Sign APK using Sign.Jar, Uninstall old APK, Install New APK - Source-Code Obfuscated - To check Sensitive information in Logcat
  16. Static Analysis - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To bypass checks and carry on penetration testing - To Hook the code, To Bypass SSL Pinning and other client-side validation - To bypass client-side check, To trace certain function: Decompile Using APK, Modify the source using Text Editor, Compile APK from Modified Source, Sign APK using Sign.Jar, Uninstall old APK, Install New APK - Source-Code Obfuscated - To check Sensitive information in Logcat - To dump App Memory
  17. Android Application Analyzer
      - GUI for Android Application static analysis
      - To Save Time
      - To cover all the test cases during penetration testing
  18. Android Application Analyzer
  19. Prerequisites
      - Python3
      - Frida client installed on host machine
      - MobSF available on http://localhost:8000
      - For Universal Frida SSL Unpinning, Replace the burp certificate in "tools" directory
      - For Fridump, Application needs to be running on the device
  20. Android Application Analyzer - Setup
      - Clone Repo from Git
        - git clone https://github.com/NotSoSecure/android_application_analyzer.git
      - Install pre-requisite
        - Linux/Unix - ./setup.sh
        - Windows - ./setup.bat
  21. Demo
      - Sandbox content analysis (shared pref file, sqlite db)
      - Source code obfuscation (dex2jar -> jd-gui)
      - Apktool (To reverse the apk file)
      - Fridump (Memory dump analysis)
      - Frida universal ssl unpinning (To bypass ssl pinning)
      - Sensitive information in logcat (adb logcat)
      - Application manifest and code analysis (MobSF)
      - Smali debug/ apk code injection (Required uninstall app -> build app using apktool -> install app again)
      - Application sandbox snapshot for future reference
  22. Demo - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder
  23. Demo - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - To check Sensitive information in Logcat
  24. Demo - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To check Sensitive information in Logcat
  25. Demo - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To check Sensitive information in Logcat
  26. Demo - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To Hook the code, To Bypass SSL Pinning and other client-side validation - To check Sensitive information in Logcat - To bypass checks and carry on penetration testing
  27. Demo - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To bypass checks and carry on penetration testing - To Hook the code, To Bypass SSL Pinning and other client-side validation - To bypass client-side check, To trace certain function: Decompile Using APK, Modify the source using Text Editor, Compile APK from Modified Source, Sign APK using Sign.Jar, Uninstall old APK, Install New APK - Source-Code Obfuscated - To check Sensitive information in Logcat
  28. Demo - To check for Source-code obfuscation - Debuggable Flag - Backup Flag - Exported Activity, Services, Broadcast, Provider - Source Code Analysis - Hardcoded Sensitive Information - Deep link URL Schemes - Install APK - To check for sensitive information (Insecure Local Storage): /data/data/AppFolder, /sdcard/data/AppFolder - Exploitation Framework - Exploit Exported Component (Activity, Services, Broadcast, Provider) - To bypass checks and carry on penetration testing - To Hook the code, To Bypass SSL Pinning and other client-side validation - To bypass client-side check, To trace certain function: Decompile Using APK, Modify the source using Text Editor, Compile APK from Modified Source, Sign APK using Sign.Jar, Uninstall old APK, Install New APK - Source-Code Obfuscated - To check Sensitive information in Logcat - To dump App Memory
  29. Thank you :)
