Hey everyone 👋,

Amjad Ali here, a passionate cybersecurity enthusiast and a Pen Tester. Today, I'm thrilled to present an article co-authored by my friend Sahil Choudhary, where we will guide you through the exciting journey of setting up an Android Pen Testing Lab. If you're eager to enhance your skills as a Bug Hunter or Pen Tester, this is the right place for you!

>> Introduction: Android penetration testing involves assessing the security of Android applications and devices. In this article, we will guide you through setting up an Android Pen Testing lab using Frida-Tools, Objection, and Frida server. We will also cover how to bypass SSL pinning, a common security measure used in Android apps.

>> Requirements To Set-Up Android Lab in Windows: Before we begin, make sure you have the following requirements in place:

  • Python: Install Python on your Windows machine.
  • Burp Suite: Download and install Burp Suite, a popular web application security testing tool.
  • Nox Player: Install Nox Player, an Android emulator for Windows.
  • Frida-Tools: Install Frida-Tools using the pip package manager.
  • Objection: Install Objection using the pip package manager.
  • Frida server: Download the appropriate Frida server based on your Android architecture.

>> Understanding Frida-Tools: Frida is a dynamic instrumentation toolkit that allows developers and security researchers to inject JavaScript or other scripting languages into running processes on various platforms. Frida-Tools provides a comprehensive set of powerful tools built on top of the Frida framework, enabling dynamic analysis, reverse engineering, and penetration testing of Android applications.

>> Introducing Objection: Objection is an open-source runtime mobile exploration toolkit specifically designed for Android application security testing and penetration testing. It leverages Frida's dynamic instrumentation capabilities to inject scripts into running Android processes, enabling security researchers to analyze, manipulate, and interact with Android apps on a dynamic level.

>> Understanding Frida-Server: Frida-Server is a crucial component of the Frida framework designed specifically for Android devices. It acts as a background service running on an Android device, facilitating the injection and execution of Frida scripts into Android applications. By injecting scripts, Frida-Server allows security analysts to monitor and manipulate the runtime behavior of Android apps, including intercepting method calls, analyzing network traffic, and bypassing security controls.

>> Step-by-Step Guide:

  • Check Python Installation: Open PowerShell and type the following command to check if Python is installed:
$ python --version
  • Install Frida-Tools: Open PowerShell and install Frida-Tools using pip:
$ pip install frida-tools
  • Install Objection: Open PowerShell and install Objection using pip:
$ pip install objection
  • Find Installed Package Paths: To find the path where the installed packages are stored, use the following commands:
$ pip show frida-tools
$ pip show objection

>> Modify System Environment Variables:

To set up the correct path for the Python Scripts directory, follow these steps:

  • In this example, the frida-tools package is stored in the following path: c:\users\dell\appdata\local\packages\pythonsoftwarefoundation.python.3.9_qbz5n2kfra8p0\localcache\local-packages\python39\site-packages
  • The "Scripts" folder sits next to "site-packages": go up one level from the current location and open "Scripts". In this example, the path would be: c:\users\dell\appdata\local\packages\pythonsoftwarefoundation.python.3.9_qbz5n2kfra8p0\localcache\local-packages\python39\scripts

Now, let's modify the system's environment variables to add this path:

  • Open the Start menu and search for "Environment Variables." Select "Edit the system environment variables." In the System Properties window, click on the "Environment Variables" button.
  • In the "System variables" section, select the "Path" variable and click the "Edit" button.
  • In the "Edit Environment Variable" window, add the path to the Python Scripts directory:
  • For example: C:\Users\Dell\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\Scripts
  • Click "OK" to close all windows.

The reason we modify the system's environment variables, specifically the "Path" variable, is to ensure that the command-line tools and executables associated with Python and its packages can be easily accessed from any directory in PowerShell or the command prompt.

When you add the path to the Python Scripts directory "C:\Users\Dell\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\Scripts" to the system's "Path" variable, it allows the system to locate and execute the Python-related commands and tools, such as frida, without specifying the full path every time.

By adding the Python Scripts directory to the "Path" variable, you ensure that the PowerShell or command prompt can locate the frida command and any other Python-related commands from any directory. This allows for a more convenient and streamlined development experience, as you can use these tools directly without having to navigate to their specific installation directory.
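
The check below is an added example, not part of the original article: it derives the Scripts directory from the site-packages location that `pip show` reports, tests whether that directory is already on PATH, and lists which launchers are missing. The function names and the list of `.exe` launchers are assumptions of this example.

```python
import os
from importlib import metadata
from pathlib import PureWindowsPath

# Launchers pip creates in Scripts on Windows for frida-tools and objection.
TOOLS = ("frida.exe", "frida-ps.exe", "objection.exe")

def scripts_dir(site_packages):
    """Scripts is a sibling of site-packages: up one level, then into Scripts."""
    return PureWindowsPath(site_packages).parent / "Scripts"

def is_on_path(directory, path_value):
    """True if directory is a PATH entry (Windows rules: case-insensitive,
    trailing backslashes and surrounding quotes ignored)."""
    want = PureWindowsPath(directory)
    entries = (e.strip().strip('"') for e in path_value.split(";"))
    return any(e and PureWindowsPath(e) == want for e in entries)

def missing_tools(filenames):
    """Return the expected launchers that are absent from a directory listing."""
    present = {name.lower() for name in filenames}
    return [tool for tool in TOOLS if tool not in present]

if __name__ == "__main__":
    try:
        # Same value as the "Location:" line printed by `pip show frida-tools`.
        location = str(metadata.distribution("frida-tools").locate_file(""))
    except metadata.PackageNotFoundError:
        raise SystemExit("frida-tools is not installed for this interpreter")
    target = scripts_dir(location)
    print("Scripts directory:", target)
    print("On PATH:", is_on_path(target, os.environ.get("PATH", "")))
    if os.path.isdir(str(target)):
        print("Missing launchers:", missing_tools(os.listdir(str(target))) or "none")
```

Run it with the same `python` that ran `pip install`; if "On PATH" is False, open a new PowerShell window after editing the variable, since running shells keep their old PATH.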

>> Verify Frida-Tools and Objection Installation: Open PowerShell and type the following commands to check if Frida-Tools and Objection are installed and working properly:

$ frida-ps
$ objection

>> Getting the Android architecture:

  • Right-click on Nox Player and select "Open File Location" to navigate to the Nox Player/bin folder.
  • Open CMD on the Nox/bin path.
  • Type:
$ adb shell
and then
$ getprop ro.product.cpu.abi
  • Note down the architecture (e.g., x86 or arm64).

>> Download and Configure Frida Server:

  • Go to the Frida GitHub repository (https://github.com/frida/frida/releases).
  • Search for the appropriate Frida server version based on your Android architecture.
  • In my case it is "x86", so I will download "frida-server-16.1.1-android-x86.xz".
  • Download the Frida server file.
  • Extract the file and put it into the Nox Player/bin folder.
  • Right-click on Nox Player and select "Open File Location" to navigate to the Nox Player/bin folder.
  • Open CMD in the Nox Player/bin path.
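  • Run the following commands, replacing <frida-server-file> with the name of the extracted Frida server file:
$ adb push <frida-server-file> /data/local/tmp
$ adb shell
$ cd /data/local/tmp
$ chmod 777 <frida-server-file>
$ ./<frida-server-file>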

At this point we don't need the Frida server running yet, so stop it with "Ctrl+C".
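
The helper below is an added example, not part of the original article: it maps the value printed by `getprop ro.product.cpu.abi` to the matching frida-server release file name, following the naming of the "frida-server-16.1.1-android-x86.xz" file used above, and unpacks the `.xz` archive with Python's standard `lzma` module. The function names and the ABI table are assumptions of this example.

```python
import lzma
import os
import shutil
import sys

# `getprop ro.product.cpu.abi` value -> architecture suffix in the release file name.
ABI_TO_ARCH = {
    "x86": "x86",
    "x86_64": "x86_64",
    "armeabi-v7a": "arm",
    "arm64-v8a": "arm64",
}

def asset_name(version, abi):
    """Build the frida-server file name for a Frida version and device ABI."""
    abi = abi.strip()  # adb output ends with a newline (often \r\n on Windows)
    if abi not in ABI_TO_ARCH:
        raise ValueError(f"no frida-server build known for ABI {abi!r}")
    return f"frida-server-{version}-android-{ABI_TO_ARCH[abi]}.xz"

def versions_match(client_version, server_asset):
    """The host-side frida client and frida-server on the device are normally
    kept on the same release; check that a file name carries that version."""
    return server_asset.startswith(f"frida-server-{client_version}-android-")

def extract_xz(archive, dest):
    """Decompress a .xz archive to dest without needing an external unpacker."""
    with lzma.open(archive, "rb") as src, open(dest, "wb") as out:
        shutil.copyfileobj(src, out)
    return dest

if __name__ == "__main__":
    # Usage: python frida_asset.py <output of `frida --version`> <abi>
    version, abi = sys.argv[1], sys.argv[2]
    name = asset_name(version, abi)
    print("Download:", name)
    if os.path.exists(name):
        print("Extracted to:", extract_xz(name, name[:-3]))
```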

>> Configure Burp Suite:

  • Open Burp Suite and go to Proxy > Options.
  • Add a new proxy listener with a specific address (e.g., 192.168.116.1) and port (e.g., 8080).
  • In Nox Player, open the browser and enter the address and port (e.g., 192.168.116.1:8080).
  • Download the Burp CA Certificate.
  • In the File Manager of Nox Player, locate the downloaded Burp CA Certificate (cacert.der).
  • Rename the certificate to cacert.cer.
  • Go to Settings > Install Certificates and import the certificate.

>> Verify Burp Suite Configuration: To verify if Burp Suite is successfully configured, turn on the Intercept feature and search for something on Google within the Nox Player browser.

>> Bypass SSL Pinning:

  • Download an Android app (e.g., Quip App) for demonstration purposes.
  • Install the app in Nox Player.
  • Open PowerShell and run the following command to list all installed app package names:
$ frida-ps -Uai
  • Start the Frida server in Nox Player by following the previous steps (<frida-server-file> is the name of the extracted Frida server file):
$ adb shell
$ cd /data/local/tmp
$ ./<frida-server-file>
  • Use the following command to perform runtime changes using Objection:
$ objection -g com.quip.quip explore
  • To bypass SSL pinning, execute the following command within Objection:
$ android sslpinning disable
  • Now, you can intercept the app's traffic.

>> Conclusion: Congratulations! You've successfully set up your own Android Pen Testing Lab using Frida-Tools, Objection, Frida Server, and learned how to bypass SSL pinning. With these powerful tools in your arsenal, you are now equipped to explore, analyze, manipulate, and interact with Android applications on a whole new dynamic level.

Thank you for reading this article. We hope this article has provided you with valuable insights and practical knowledge to fuel your passion for cybersecurity.

If you have any questions, thoughts, or want to share your own experiences, please feel free to leave a comment below. Let's continue supporting and inspiring each other as we embark on this fascinating cybersecurity adventure.

Keep hacking, stay secure, and happy hunting!