Mobile Security Controls

Mobile Security Controls

  • Root/Jailbreak Detection

  • Certificate Pinning

  • Code Obfuscation

All mobile security controls can be bypassed!

ADB Commands

List connected devices

adb devices

Get shell

adb shell

Install apk on the device

adb install <apk-name.apk>

Bypass Root Detection

List the applications installed on the device

frida-ps -Uai

Disable root using Objection

objection -g <package name> explore

android root disable

Bypass Certificate Pinning

Set up proxy in Burp Suite

  • Go to Proxy tab

  • Options

  • Select on existing proxy settings and Click on Edit under Proxy Listeners

  • Select All interfaces

  • Yes

Set up Proxy Settings in the Mobile Device

  • Open Wifi Settings

  • Advanced Options

  • Enable Manual Proxy

  • Set the IP address as in the computer (In this case Kali VM)

  • Set the Proxy port

Install Burp Certificate in the Mobile Device

  • Open browser

  • Visit: http://burp

  • Click on the CA Certificate button

  • Search "Cert" in the Settings

  • Click on the Install Certificate option

  • Install the certificate

Get the Package name for the apk

frida-ps -Uai

Bypass SSL Pinning using Objection

objection -g <package name OR application name> explore

android sslpinning disable

PreviousMobile Application Pentesting Part 3NextDynamic Analysis

Last updated