
Some Useful Tricks for Pentesting Android and iOS Apps

Tricks - Mobile Penetration Tester (Android and iOS)

[x] Under construction...

Tricks Pentest Mobile - Android [Topics]

  • Basic Apps Android

    • Android Architecture
    • Configuring the Emulated Environment
    • Communication with ADB (Android Debug Bridge)
    • Sign the app
    • Install and Uninstall apk
    • Extract apk installed on the device
  • Magisk Tricks

    • Root AVD with Magisk - Emulated Environment
    • Plugins to automate recurring actions
  • Exploring Components

    • Activity Exploitation
    • Content Provider Exploitation
  • Insecure Data Storage Android

    • SQLite Databases
    • Shared Preferences
    • Internal Storage
    • External Storage
    • Backups for Sensitive Data
    • Dumping memory for Sensitive Data
    • Keystore
  • Misconfiguration in Android Apps

    • android:usesCleartextTraffic="true"
    • android:debuggable="true"
    • android:allowBackup="true"
    • Potentially Insecure Permissions
    • SDK Outdated
    • Janus Vulnerability (CVE-2017-13156)
  • Hooking with Frida and Objection on Android

    • Configure the Environment
    • Frida Tricks
    • Objection Tricks
    • Injecting Frida Gadget into an APK (non-rooted)
  • Reverse Engineering Android

    • Smali Assembler and Disassembler
    • Dex to Java Decompiler
    • Reverse Engineering React Native in Bundle
    • Dump Information About an Object File - Lib
  • Intercepting Traffic in Android Apps

    • Configuring Proxy
    • Adding Certificate to User
    • Adding Certificate to the System
    • Intercepting Mobile Apps in Flutter
  • Client-Side Protections - Android

    • Anti-Root Bypass
    • Anti-Emulator Bypass
    • SSL Pinning Bypass
    • End-to-End Encryption Bypass
    • Anti-Debugging Bypass
    • Anti-Hook Bypass
    • Flag Secure Bypass
  • Crack Android Pattern Lock

Tricks Pentest Mobile - iOS [Topics]

  • Basic Apps iOS

    • iOS Architecture
    • Methods of Distribution and Installation of iOS Apps
    • Sign the app
    • Install and Uninstall an ipa
  • Jailbreak Information

    • Jailbreak Types (Untethered, Semi-Untethered, Semi-Tethered, Tethered)
    • Jailbreak Methods (Rootful, Rootless)
    • Communicating with your Jailbroken Device
  • Insecure Data Storage - iOS

    • NSUserDefaults/UserDefaults
    • PList Files
    • SQLite
    • Core Data
    • Dumping Memory for Sensitive Data
    • Keychain
    • Backup
    • Realm
    • Cache
  • Misconfiguration in iOS Apps

    • NSAllowsArbitraryLoads = true
    • NSAllowsLocalNetworking = true
    • Insecure Entitlements (get-task-allow)
    • Dynamic Library in Debug Mode (.debug.dylib)
    • UIFileSharingEnabled & LSSupportsOpeningDocumentsInPlace
    • Potentially Insecure Permissions
  • Hooking with Frida and Objection on iOS

    • Configure the Environment
    • Frida Tricks
    • Objection Tricks
    • Injecting Frida Gadget into an IPA (non-jailbroken)
  • Reverse Engineering iOS

    • Extracting a Decrypted .ipa from a Jailbroken Device
    • Static Reverse Engineering
    • Dynamic Reverse Engineering
  • Intercepting Traffic in iOS Apps

    • Configuring Proxy
    • Adding Certificate to User
    • Adding Certificate to System
    • Intercepting Mobile Apps in Flutter
  • Client-Side Protections - iOS

    • Anti-Jailbreak Bypass
    • Anti-Emulator Bypass
    • SSL Pinning Bypass
    • Anti-Hook Bypass
    • End-to-End Encryption Bypass

Tricks Pentest Mobile - General [Topics]

  • mTLS (mutual TLS)
    • mTLS Methods
    • TLS vs mTLS
    • mTLS Bypass
  • Creating Frida Scripts
    • Hooking
    • Frida Scripts in App Android
    • Frida Scripts in App iOS
  • Misconfigured Google Maps API Key Hardcoded
  • Facilitating Tools
    • libimobiledevice - A cross-platform FOSS library written in C to communicate with iOS devices natively [iOS]
    • Mobile Security Framework (MobSF) [Android/iOS]
    • scrcpy - screen copy [Android]
    • 3uTools - Useful Apple Mobile Device Management Tool [iOS]
    • AirServer - Screen Mirroring [Android/iOS]
    • Frida iOS hook - Tool to help use Frida more easily [iOS]
    • Grapefruit - iOS runtime application instrumentation tool based on frida [iOS]
    • Runtime Mobile Security (RMS) - developed by FRIDA, it is a web interface that helps manipulate Android and iOS applications at runtime [Android/iOS]
    • Pithus - Mobile threat intelligence for the masses [Android/iOS]
  • Open Source Projects for Protection in Mobile Apps
  • Hands-on Labs
    • InsecureBankv2 [Android]
    • Damn Vulnerable Bank [Android]
    • goatdroid.apk [Android]
    • OVAA (Oversecured Vulnerable Android App) [Android]
    • EVABS (Extremely Vulnerable Android Labs) [Android]
    • Insecureshop [Android]
    • Allsafe [Android]
    • DVIA-v2 [iOS]
    • DVIA [iOS]
    • OWASP iGoat (Swift) [iOS]
    • Oversecured Vulnerable iOS App [iOS]
    • UnSAFE Bank [iOS]
    • Frida iOS Playground [iOS]