App penetration testing

Mobile App vulnerabilities

1: DEBUG mode is ON (android:debuggable= “true”)

Mobile device testing

1: Download the SDK Platform-Tools for Windows.

Website: https://developer.android.com/tools/releases/platform-tools

Connect the Mobile to the Computer for the Testing 1

2: Extract the SDK Platform-Tools folder.

3: Rename the platform-tools-latest-windows to the adb.

4: Cut the adb folder and paste it into the Disk C (Where Windows is installed).

5: Connect your mobile to your computer.

6: Enable the USB debugging option in the mobile.

7: Open the ADB Interface update driver.

Connect Mobile to the Computer for the Testing 2

8: Click on the Browse my computer for drivers.

Connect Mobile to the Computer for the Testing 3

9: Click on the Let me pick from a list of available drivers on my computer.

Connect Mobile to the Computer for the Testing 4

10: Select the ADB Device and install the drivers.

Connect Mobile to the Computer for the Testing 5

11: Open the Command Prompt.

Shortcutkey: Windows sign + R = cmd

12: Back up the directory in the Command Prompt.

Command: cd..

13: Back up the directory in the Command Prompt.

Command: cd..

14: Check the adb directory in the Command Prompt.

Command: dir

Connect Mobile to the Computer for the Testing 6

16: Go to the adb directory.

Command: cd adb

17: Then go to the platform-tools directory.

Command: cd platform-tools

18: Check the adb devices.

Command: .\adb devices

19: Give the permissions when the notification comes into your mobile.

20: The devices are attached.

Connect Mobile to the Computer for the Testing 7

21: Access to the Shell.

Command: .\adb shell

Connect Mobile to the Computer for the Testing 8

22: Check the packages.

Command: pm list packages

Connect Mobile to the Computer for the Testing 9

Api Testing

1: Download Postman.

Website: https://www.postman.com/downloads/

API testing demo websites free

API testing interview questions

1: What is API Security Testing?

Answer: API tests use extreme conditions and inputs when analyzing applications. This removes vulnerabilities and guards the app from malicious code and breakage. API tests can be integrated with GUI tests.

2: Software used for API testing.

Answer: Postman and Burp Suite.

How to find bugs in an Android phone

1: Download the Yaazhini software.

Website: https://www.vegabird.com/yaazhini/

2: Install the Yaazhini software.

3: Also install the JDK.

Website: https://www.oracle.com/java/technologies/downloads/

4: Upload the APK file and start the scan.

Mobile Security Framework

1: Open the MobSF (Mobile Security Framework) website.

Website: https://mobsf.live/

2: Scan the App.

3: Download the PDF Report.

Set up the mobile app pentesting labs APK

1: Download Genymotion.

Website: https://www.genymotion.com/product-desktop/download/

Set up the mobile app pentesting labs APK 1

2: Install Genymotion.

3: Create the Genymotion account.

Website: https://www-v1.genymotion.com/account/create/

Set up the mobile app pentesting labs APK 2

4: Check the Gmail account and activate the Genymotion account.

5: Open the Genymotion software.

6: Log in to a Genymotion account.

Set up the mobile app pentesting labs APK 3

7: Select the Personal Use.

Set up the mobile app pentesting labs APK 4

8: Add the Virtual Device.

Shortcut key: Ctrl + n

9: Install the Custom Phone.

Set up the mobile app pentesting labs APK 5

APK file online scanning

1: Scan the APK file online with the help of a Java decompiler.

Website: http://javadecompilers.com/

2: Download the scanned APK file zip.

AndroBugs Framework

1: What is AndroBugs Framework?

Answer: The AndroBugs Framework is an Android vulnerability analysis system that helps developers and hackers identify potential security vulnerabilities in Android applications. No splendid GUI interface, but the most efficient (less than 2 minutes per scan on average) and more accurate.

2: Download the AndroBugs Framework.

Website: https://github.com/AndroBugs/AndroBugs_Framework/releases