Check List - Mobile Application Testing II

Uploaded by

Jean Granados

I regularly review and look for checklists for the different pentesting tasks, such as this one, Check List - Web Application Testing, and a couple of months ago we brought a similar one, Check List - Mobile Application Testing. This is therefore version II, and you are surely wondering what is different from the previous one.

This checklist was built in a completely different way, but it is still based on the OWASP Top 10 Mobile. As you will see under the button that follows the download link, it has its own list of tools for each stage.

Download Check List

View Content

The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile
application penetration testing topics.

All-in-one Mobile Security Frameworks
Android Application Penetration Testing
    Android Testing Distributions
    Reverse Engineering and Static Analysis
    Dynamic and Runtime Analysis
    Network Analysis and Server Side Testing
    Bypassing Root Detection and SSL Pinning
    Security Libraries
iOS Application Penetration Testing
    Access Filesystem on iDevice
    Reverse Engineering and Static Analysis
    Dynamic and Runtime Analysis
    Network Analysis and Server Side Testing
    Bypassing Root Detection and SSL Pinning
    Security Libraries
Contribution
License

All-in-One Mobile Security Frameworks

Mobile Security Framework - MobSF - Mobile Security Framework is an intelligent, all-in-one open source
mobile application (Android/iOS) automated pen-testing framework capable of performing static and
dynamic analysis.
    python manage.py runserver 127.0.0.1:1337

Android Application Penetration Testing


Android Testing Distributions
Appie - A portable software package for Android Pentesting and an awesome alternative to existing
Virtual machines.
Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals.
AppUse - AppUse is a VM (Virtual Machine) developed by AppSec Labs.
Mobisec - Mobile security testing live environment.
Santoku - Santoku is an OS and can be run outside a VM as a standalone operating system.

Reverse Engineering and Static Analysis
APKInspector - APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
APKTool - A tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources
to nearly original form and rebuild them after making some modifications.
Disassembling Android apk file
    apktool d [apk file]
Rebuilding decoded resources back to binary APK/JAR with certificate signing
    apktool b [modified folder]
    keytool -genkey -v -keystore keys/test.keystore -alias Test -keyalg RSA -keysize 1024 -sigalg SHA1withRSA -validity 10000
    jarsigner -keystore keys/test.keystore dist/test.apk -sigalg SHA1withRSA -digestalg SHA1 Test
Dex2jar - A tool for converting .dex files to .class files (zipped as jar).
Converting apk file into jar file
    dex2jar [apk file]
Oat2dex - A tool for converting .oat files to .dex files.
Deoptimize boot classes (The output will be in "odex" and "dex" folders)
    java -jar oat2dex.jar boot [boot.oat file]
Deoptimize application
    java -jar oat2dex.jar [app.odex] [boot-class-folder output from above]
Get odex from oat
    java -jar oat2dex.jar odex [oat file]
Get odex smali (with optimized opcode) from oat/odex
    java -jar oat2dex.jar smali [oat/odex file]
JD-Gui - A tool for decompiling and analyzing Java code.
FindBugs + FindSecurityBugs - FindSecurityBugs is an extension for FindBugs which includes security rules
for Java applications.
Qark - This tool is designed to look for several security related Android application vulnerabilities, either
in source code or packaged APKs.
AndroBugs - AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or
hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
Simplify - A tool for de-obfuscating an Android package into Classes.dex, which can then be used with Dex2jar
and JD-GUI to extract the contents of the dex file.
    simplify.jar -i [input smali files or folder] -o [output dex file]
ClassNameDeobfuscator - Simple script to parse through the .smali files produced by apktool and extract
the .source annotation lines.

Dynamic and Runtime Analysis


Introspy-Android - Blackbox tool to help understand what an Android application is doing at runtime and
assist in the identification of potential security issues.
Cydia Substrate - Cydia Substrate for Android enables developers to make changes to existing software
with Substrate extensions that are injected into the target process's memory.
Xposed Framework - Xposed framework enables you to modify the system or application aspect and
behaviour at runtime, without modifying any Android application package (APK) or re-flashing.
CatLog - Graphical log reader for Android.
Droidbox - DroidBox is developed to offer dynamic analysis of Android applications.
Frida - The toolkit works using a client-server model and lets you inject into running processes not just
on Android, but also on iOS, Windows and Mac.
Drozer - Drozer allows you to search for security vulnerabilities in apps and devices by assuming the role
of an app and interacting with the Dalvik VM, other apps' IPC endpoints and the underlying OS.
Starting a session
    adb forward tcp:31415 tcp:31415
    drozer console connect
Retrieving package information
    run app.package.list -f [app name]
    run app.package.info -a [package name]
Identifying the attack surface
    run app.package.attacksurface [package name]
Exploiting Activities
    run app.activity.info -a [package name] -u
    run app.activity.start --component [package name] [component name]
Exploiting Content Provider
    run app.provider.info -a [package name]
    run scanner.provider.finduris -a [package name]
    run app.provider.query [uri]
    run app.provider.update [uri] --selection [conditions] [selection arg] [column] [data]
    run scanner.provider.sqltables -a [package name]
    run scanner.provider.injection -a [package name]
    run scanner.provider.traversal -a [package name]
Exploiting Broadcast Receivers
    run app.broadcast.info -a [package name]
    run app.broadcast.send --component [package name] [component name] --extra [type] [key] [value]
    run app.broadcast.sniff --action [action]
Exploiting Service
    run app.service.info -a [package name]
    run app.service.start --action [action] --component [package name] [component name]
    run app.service.send [package name] [component name] --msg [what] [arg1] [arg2] --extra [type] [key] [value] --bundle-as-obj

Network Analysis and Server Side Testing
Tcpdump - A command line packet capture utility.
Wireshark - An open-source packet analyzer.
Live packet captures in real time
    adb shell "tcpdump -s 0 -w - | nc -l -p 4444"
    adb forward tcp:4444 tcp:4444
    nc localhost 4444 | sudo wireshark -k -S -i -
Canape - A network testing tool for arbitrary protocols.
Mallory - A Man in The Middle Tool (MiTM) that is used to monitor and manipulate traffic on mobile devices
and applications.
Burp Suite - Burp Suite is an integrated platform for performing security testing of applications.
Proxydroid - Global Proxy App for Android System.

Bypassing Root Detection and SSL Pinning


Android SSL Trust Killer - Blackbox tool to bypass SSL certificate pinning for most applications running on
a device.
Android-ssl-bypass - An Android debugging tool that can be used for bypassing SSL, even when
certificate pinning is implemented, as well as other debugging tasks. The tool runs as an interactive
console.
RootCloak Plus - Patch root checking for commonly known indications of root.

Security Libraries
PublicKey Pinning - Pinning in Android can be accomplished through a custom X509TrustManager.
X509TrustManager should perform the customary X509 checks in addition to performing the pinning
configuration.
Android Pinning - A standalone library project for certificate pinning on Android.
Java AES Crypto - A simple Android class for encrypting & decrypting strings, aiming to avoid the classic
mistakes that most such classes suffer from.
Proguard - ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and
removes unused classes, fields, methods, and attributes.
SQL Cipher - SQLCipher is an open source extension to SQLite that provides transparent 256-bit AES
encryption of database files.
Secure Preferences - Android Shared preference wrapper that encrypts the keys and values of Shared
Preferences.
Trusted Intents - Library for flexible trusted interactions between Android apps.

iOS Application Penetration Testing


Access Filesystem on iDevice
FileZilla - It supports FTP, SFTP, and FTPS (FTP over SSL/TLS).
Cyberduck - Libre FTP, SFTP, WebDAV, S3, Azure & OpenStack Swift browser for Mac and Windows.
itunnel - Use to forward SSH via USB.
iFunbox - The File and App Management Tool for iPhone, iPad & iPod Touch.

Reverse Engineering and Static Analysis


otool - The otool command displays specified parts of object files or libraries.
Clutch - Decrypts the application and dumps the specified bundleID into a binary or .ipa file.
Dumpdecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to
disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
    iPod:~ root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Scan.app/Scan
class-dump - A command-line utility for examining the Objective-C runtime information stored in Mach-O
files.
Weak Classdump - A Cycript script that generates a header file for the class passed to the function. Most
useful when you cannot classdump or dumpdecrypted, when binaries are encrypted etc.
    iPod:~ root# cycript -p Skype weak_classdump.cy; cycript -p Skype
    cy# weak_classdump_bundle([NSBundle mainBundle],"/tmp/Skype")
IDA Pro - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that
offers so many features it is hard to describe them all.
HopperApp - Hopper is a reverse engineering tool for OS X and Linux, that lets you disassemble,
decompile and debug your 32/64bits Intel Mac, Linux, Windows and iOS executables.
iRET - The iOS Reverse Engineering Toolkit is a toolkit designed to automate many of the common tasks
associated with iOS penetration testing.

Dynamic and Runtime Analysis


cycript - Cycript allows developers to explore and modify running applications on either iOS or Mac OS X
using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax
highlighting and tab completion.
Show current view
    cy# UIApp.keyWindow.rootViewController.topViewController.visibleViewController
Get an array of existing objects of a certain class
    cy# choose(UIViewController)
List method at runtime
    cy# [classname].messages
or
    cy# function printMethods(className) { var count = new new Type("I"); var methods = class_copyMethodList(objc_getClass(className), count); var methodsArray = []; for(var i = 0; i < *count; i++) { var method = methods[i]; methodsArray.push({selector:method_getName(method), implementation:method_getImplementation(method)}); } free(methods); free(count); return methodsArray; }
    cy# printMethods("[classname]")
Prints out all the instance variables
    cy# function tryPrintIvars(a){ var x={}; for(i in a){ try{ x[i] = (a)[i]; } catch(e){} } return x; }
    cy# a=#0x15d0db80
    cy# tryPrintIvars(a)
Manipulating through property
    cy# [a pinCode]
    cy# [a setPinCode: @"1234"]
    cy# [a isValidPin]
    cy# a->isa.messages['isValidPin'] = function(){return 1;}
iNalyzer - AppSec Labs iNalyzer is a framework for manipulating iOS applications, tampering with
parameters and method.
idb - idb is a tool to simplify some common tasks for iOS pentesting and research.
snoop-it - A tool to assist security assessments and dynamic analysis of iOS Apps.
Introspy-iOS - Blackbox tool to help understand what an iOS application is doing at runtime and assist in
the identification of potential security issues.
gdb - A tool to perform runtime analysis of iOS applications.
keychaindumper - A tool to check which keychain items are available to an attacker once an iOS device
has been jailbroken.
BinaryCookieReader - A tool to dump all the cookies from the binary Cookies.binarycookies file.

Network Analysis and Server Side Testing


Canape - A network testing tool for arbitrary protocols.
Mallory - A Man in The Middle Tool (MiTM) that is used to monitor and manipulate traffic on mobile devices
and applications.
Burp Suite - Burp Suite is an integrated platform for performing security testing of applications.
Charles Proxy - HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the
HTTP and SSL / HTTPS traffic between their machine and the Internet.

Bypassing Root Detection and SSL Pinning


SSL Kill Switch 2 - Blackbox tool to disable SSL certificate validation - including certificate pinning -
within iOS and OS X Apps.
iOS TrustMe - Disable certificate trust checks on iOS devices.
Xcon - A tool for bypassing Jailbreak detection.
tsProtector - Another tool for bypassing Jailbreak detection.

Security Libraries
PublicKey Pinning - iOS pinning is performed through a NSURLConnectionDelegate. The delegate must
implement connection:canAuthenticateAgainstProtectionSpace: and
connection:didReceiveAuthenticationChallenge:. Within connection:didReceiveAuthenticationChallenge:,
the delegate must call SecTrustEvaluate to perform customary X509 checks.

Contribution
Your contributions and suggestions are welcome.

License

This work is licensed under a Creative Commons Attribution 4.0 International License

You will see that the checklist is quite complete. For my part, when I get the chance to use it on the battlefield I will keep it in mind and comment on how it went, along with everything it covers. Below I leave you the source on GITHUB.
Source
Regards,
Snifer

1 comment:

Barry Queen, 27 Sep. 2016 1:56:00

Thank you very much for the information.

Copyright © 2019 Snifer@L4b's | Powered by Blogger