psychsecurity/Android-Pentesting

Android-Pentesting

Android Pentesting Wiki

Rooting AVD that has google play store:

https://gitlab.com/newbit/rootAVD

Rooting with rootAVD also installs Magisk.

## Install Burp CA as a system-level trusted CA

Using Magisk:

https://github.com/nccgroup/ConscryptTrustUserCerts

With this module, just install the cert normally by going to http://burp and it should end up in the trusted CA store. Remember to reboot the device afterwards: `adb reboot`

Manually:

Export the CA certificate in DER format as `cacert.der`.

Convert to PEM format:

openssl x509 -inform DER -in cacert.der -out cacert.pem

Get the old-style subject hash and rename the certificate to `<hash>.0`:

openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1

mv cacert.pem <hash>.0

Run the emulator from the command line with the following options:

~/Library/Android/sdk/emulator/emulator -avd <youremulatordevicename> -writable-system

Use the following sequence to remount:

$ adb root
$ adb disable-verity
$ adb reboot
$ adb wait-for-device
$ adb root
$ adb remount

Then push the certificate and set its permissions:

adb push <hash>.0 /system/etc/security/cacerts/

adb shell "chmod 664 /system/etc/security/cacerts/<hash>.0"
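The `<hash>` used in the manual steps above is the value `openssl x509 -subject_hash_old` prints: the first four bytes of the MD5 of the certificate's DER-encoded subject name, read little-endian. The following is an added example, not part of the original wiki, that derives the `<hash>.0` file name in Python; the function names and the sample certificate skeleton are constructed for illustration.

```python
import hashlib
import ssl

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def subject_der(cert):
    """Return the DER bytes of the subject Name, header included."""
    tag, pos, _ = read_tlv(cert, 0)      # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, pos, _ = read_tlv(cert, pos)      # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                      # optional [0] version field
        pos = end
    for _ in range(4):                   # skip serial, sig alg, issuer, validity
        pos = read_tlv(cert, pos)[2]
    return cert[pos:read_tlv(cert, pos)[2]]

def android_cacert_name(cert):
    """File name expected in /system/etc/security/cacerts/ for this cert."""
    if cert.lstrip().startswith(b"-----BEGIN"):   # accept PEM as well as DER
        cert = ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    digest = hashlib.md5(subject_der(cert)).digest()
    # subject_hash_old: first four MD5 bytes of the subject Name, little-endian
    return "%08x.0" % int.from_bytes(digest[:4], "little")

def tlv(tag, value):
    """Build a DER element (short-form length only; enough for the sample)."""
    return bytes([tag, len(value)]) + value

def cn_name(cn):
    """Name holding a single commonName (OID 2.5.4.3) attribute."""
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

# Constructed sample: a certificate-shaped DER skeleton (no key, dummy signature)
ISSUER, SUBJECT = cn_name(b"Constructed Issuer"), cn_name(b"Constructed Proxy CA")
TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
          + ISSUER + tlv(0x30, b"") + SUBJECT)
SAMPLE = tlv(0x30, TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

For a real export, `android_cacert_name(open("cacert.der", "rb").read())` should match the first line printed by the `openssl x509 -subject_hash_old` command, followed by `.0`.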

## Frida

Grab `frida-server` from https://github.com/frida/frida/releases and copy it to `/data/local/tmp/` on the device, then run:

chmod 755 frida-server

./frida-server &

Check adb can see the device:

adb devices -l

Check process list

frida-ps -U

Check packages

adb shell pm list packages blah

Disable root detection and bypass SSL pinning

frida -l both.js -U -f com.blah.app --no-pause

Use all ssl bypass for harder apps

## File system copy

Run adbd insecure

adb root

adb remount

adb pull /data/user/0/appfolder/ /makeafoldertocopy

## Objection

objection --gadget 8710 explore

env

android <tab complete for other options>

## MobSF to analyse APK

## Androbugs

## Pull APK from installed device

adb shell pm list packages

adb shell pm path <packagename>

adb shell cp <path printed by pm path> /sdcard/

adb pull /sdcard/base.apk

## RMS

`https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security`

## Installing play store on emulator

https://stackoverflow.com/questions/71815181/how-can-i-get-google-play-to-work-on-android-emulator-in-android-studio-bumblebe
