Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learning Pentesting for Android Devices
  • Table Of Contents Toc
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

By : Aditya Gupta
4.3 (11)
Buy this Book
close
close
Learning Pentesting for Android Devices

Learning Pentesting for Android Devices

4.3 (11)
By: Aditya Gupta
Buy this Book

Overview of this book

Table of Contents (18 chapters)
close
close
close
Learning Pentesting for Android Devices
Icon
Learning Pentesting for Android Devices
Credits
Icon
Credits
Foreword
Icon
Foreword
About the Author
Icon
About the Author
Acknowledgments
Icon
Acknowledgments
About the Reviewers
Icon
About the Reviewers
www.PacktPub.com
Icon
www.PacktPub.com
Preface
Icon
Preface
Lock Free Chapter
1
Getting Started with Android Security
Icon
Getting Started with Android Security
Icon
Introduction to Android
Icon
Digging deeper into Android
Icon
Sandboxing and the permission model
Icon
Application signing
Icon
Android startup process
Icon
Summary
2
Preparing the Battlefield
Icon
Preparing the Battlefield
Icon
Setting up the development environment
Icon
Useful utilities for Android Pentest
Icon
Summary
3
Reversing and Auditing Android Apps
Icon
Reversing and Auditing Android Apps
Icon
Android application teardown
Icon
Reversing an Android application
Icon
Using Apktool to reverse an Android application
Icon
Auditing Android applications
Icon
Content provider leakage
Icon
Insecure file storage
Icon
OWASP top 10 vulnerabilities for mobiles
Icon
Summary
4
Traffic Analysis for Android Devices
chevron up
Icon
Traffic Analysis for Android Devices
Icon
Android traffic interception
Icon
Ways to analyze Android traffic
Icon
HTTPS Proxy interception
Icon
Extracting sensitive files with packet capture
Icon
Summary
5
Android Forensics
Icon
Android Forensics
Icon
Types of forensics
Icon
Filesystems
Icon
Using dd to extract data
Icon
Using Andriller to extract an application's data
Icon
Using AFLogical to extract contacts, calls, and text messages
Icon
Dumping application databases manually
Icon
Logging the logcat
Icon
Using backup to extract an application's data
Icon
Summary
6
Playing with SQLite
Icon
Playing with SQLite
Icon
Understanding SQLite in depth
Icon
Security vulnerability
Icon
Summary
7
Lesser-known Android Attacks
Icon
Lesser-known Android Attacks
Icon
Android WebView vulnerability
Icon
Infecting legitimate APKs
Icon
Vulnerabilities in ad libraries
Icon
Cross-Application Scripting in Android
Icon
Summary
8
ARM Exploitation
Icon
ARM Exploitation
Icon
Introduction to ARM architecture
Icon
Setting up the environment
Icon
Simple stack-based buffer overflow
Icon
Return-oriented programming
Icon
Android root exploits
Icon
Summary
9
Writing the Pentest Report
Icon
Writing the Pentest Report
Icon
Basics of a penetration testing report
Icon
Writing the pentest report
Icon
Summary
Icon
Security Audit of
Icon
Table of Contents
Icon
1.
Icon
2. Auditing and Methodology
Icon
3. Conclusions
1
Index
Icon
Index

HTTPS Proxy interception

The preceding method will work in the normal traffic interception of application and browser when they are communicating via the HTTP protocol. In HTTPS, we will get an error due to the certificate mismatch, and thus we won't be able to intercept the traffic.

However, in order to solve the challenge, we will be creating our own certificate or Burp/PortSwigger and installing it on the device. In order to create our own certificate, we will need to set up a proxy in Firefox (or any other browser or global proxy):

  1. To set up a proxy in Firefox, go to Options present in Tools (Firefox | Preferences on Mac) and go to the Advanced tab. Under the Advanced tab, we will click on the Network option.

  2. Once in the Network tab, we need to click on Settings in order to configure the proxy with Firefox.

  3. Once done, go to the HTTPS website on our system browser of which we would want to intercept the traffic on our device. Here we will receive a The Network is Untrusted message. Click...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Learning Pentesting for Android Devices
End of Section 4
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon