Mobile Security Controls

Mobile Security Controls

• Root/Jailbreak Detection

• Certificate Pinning

• Code Obfuscation

ADB Commands

List connected devices

adb devices

Get shell

adb shell

Install apk on the device

adb install <apk-name.apk>

Bypass Root Detection

List the applications installed on the device

frida-ps -Uai

Disable root using Objection

objection -g <package name> explore

android root disable

Bypass Certificate Pinning

Set up proxy in Burp Suite

• Go to Proxy tab

• Options

• Select on existing proxy settings and Click on Edit under Proxy Listeners

• Select All interfaces

• Yes

Set up Proxy Settings in the Mobile Device

• Open Wifi Settings

• Advanced Options

• Enable Manual Proxy

• Set the IP address as in the computer (In this case Kali VM)

• Set the Proxy port

Install Burp Certificate in the Mobile Device

• Open browser

• Visit: http://burp

• Click on the CA Certificate button

• Search "Cert" in the Settings

• Click on the Install Certificate option

• Install the certificate

Get the Package name for the apk

frida-ps -Uai

Bypass SSL Pinning using Objection

objection -g <package name OR application name> explore

android sslpinning disable