Android penetration testing Basics

Source: Internet
Author: User

I. Application Local Storage check
 
1. View data in sqlite3 format
Many applications use an SQLite database for local storage, and the sqlite3 command can be used to view its contents. Some Android devices do not ship the sqlite3 command; for those, we can pull the binary from the emulator and copy it to the device.
 
Step 1: Start the emulator and copy the sqlite3 binary from the emulator to the PC.

emulator -avd test
adb pull /system/xbin/sqlite3 d:/sqlite3
 
Step 2: Shut down the emulator and connect the device to the PC using a USB cable.
Run the following command. Output like the following indicates that the connection is successful.
D:\>adb devices
List of devices attached
42890C3429FD117 device
 
Step 3: Copy the sqlite3 binary stored on the PC to the device
adb push d:/sqlite3 /sdcard/
adb shell
su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
cp /sdcard/sqlite3 /system/xbin/
chmod 777 /system/xbin/sqlite3
Step 4: test whether sqlite3 is successfully installed
We can view the data storage of the email application.
D:\download>adb shell
shell@android:/ $ su
shell@android:/ # find / -name *.db | grep email
/data/data/com.android.email/databases/EmailProvider.db
/data/data/com.android.email/databases/EmailProviderBody.db
/data/data/com.android.email/databases/webview.db
/data/data/com.android.email/databases/webviewCookiesChromium.db
/data/data/com.android.email/databases/webviewCookiesChromiumPrivate.db
2|shell@android:/ # sqlite3 /data/data/com.android.email/databases/EmailProvider.db
SQLite version 3.7.4
Enter ".help" for instructions
Enter SQL statements terminated with a ";"
sqlite> .tables
Account               FollowupFlag_Updates  Message_Deletes
Account_CB            HostAuth              Message_Updates
Attachment            Mailbox               Policies
CertificateCache      Mailbox_CB            RecipientInformation
FollowupFlag          Message               android_metadata
FollowupFlag_Deletes  Message_CB
sqlite> .dump HostAuth
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE HostAuth (_id integer primary key autoincrement, protocol text, address text, port integer, flags integer, login text, password text, domain text, accountKey integer);
INSERT INTO "HostAuth" VALUES(1,'pop3','pop.163.com',110,4,'test@163.com','test',NULL,1);
INSERT INTO "HostAuth" VALUES(2,'smtp','smtp.163.com',25,4,'test@163.com','test',NULL,1);
COMMIT;
sqlite>
The HostAuth table stores the account information of the mailbox. The logon password is stored in plaintext.
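The same check can be automated once a database file has been pulled to the PC. The script below is an added example, not part of the original article: it lists columns whose names suggest credentials and counts the populated rows that need manual review. The column-name pattern and function names are assumptions, and the sample database is constructed from the HostAuth dump above.

```python
import re
import sqlite3

# Column names that commonly hold secrets (an assumption; extend per application).
SENSITIVE = re.compile(r"pass(word|wd)?|secret|token|api_?key", re.I)

def quote_ident(name):
    """Quote an SQLite identifier so odd table/column names cannot break the query."""
    return '"' + name.replace('"', '""') + '"'

def audit_sqlite_secrets(conn):
    """Return (table, column, populated_rows) for secret-like columns that hold data."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' "
        "AND name NOT LIKE 'sqlite_%' ORDER BY name")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        for col in conn.execute(f"PRAGMA table_info({quote_ident(table)})"):
            name = col[1]
            if not SENSITIVE.search(name):
                continue
            count = conn.execute(
                f"SELECT COUNT(*) FROM {quote_ident(table)} "
                f"WHERE {quote_ident(name)} IS NOT NULL AND {quote_ident(name)} != ''"
            ).fetchone()[0]
            if count:
                findings.append((table, name, count))
    return findings

def build_sample_db():
    """Constructed sample: the HostAuth schema and rows shown in the dump above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE HostAuth (_id integer primary key autoincrement, protocol text,
            address text, port integer, flags integer, login text, password text,
            domain text, accountKey integer);
        INSERT INTO HostAuth VALUES(1,'pop3','pop.163.com',110,4,'test@163.com','test',NULL,1);
        INSERT INTO HostAuth VALUES(2,'smtp','smtp.163.com',25,4,'test@163.com','test',NULL,1);
        CREATE TABLE android_metadata (locale text);
    """)
    return conn

if __name__ == "__main__":
    # For a real file, replace build_sample_db() with sqlite3.connect("<pulled .db file>").
    for table, column, rows in audit_sqlite_secrets(build_sample_db()):
        print(f"{table}.{column}: {rows} populated row(s), review for plaintext secrets")
```

A hit only means the column is populated; the values still have to be inspected to tell plaintext from hashed or encrypted content.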



II. Network Communication check
Network communication includes the HTTP layer and the TCP layer. We can manipulate HTTP-layer traffic with an HTTP proxy such as BurpSuite or Paros, or work with socket-layer packets using Wireshark, tcpdump, Mallory, and ADVsock2pipe. I have written some articles in this regard.
Discussion on mobile app communication analysis methods
Capture communication packets on mobile devices in real time
The simplest way to capture data packets is to use the tcpdump command to save the captured packets and then view them offline with a tool such as Wireshark. This method can be used to check whether sensitive information is leaked.
Like sqlite3, this command is not available on Android devices by default. We need to pull it from the emulator and copy it to the device in a similar way:
adb push d:/tcpdump /sdcard/
adb shell
su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
cp /sdcard/tcpdump /system/xbin/
chmod 777 /system/xbin/tcpdump
To be continued
