Hacking and Pentesting Android Applications

Name: Hacking and Pentesting Android Applications
Rating: 4.6 (836 reviews)

Learn how to pentest Android Applications using the modern day pentesting tools and techniques

Created bySrinivas .

Last updated 7/2021

English

What you'll learn

Learn the fundamentals of Android Application Penetration Testing
Learn how to Reverse Engineer Android Apps
Learn how to patch Android Apps using apktool to bypass SSL Pinning
Learn how to bypass Jailbreak detection in Android Apps using objection
Learn how to trace crypto calls made by an Android app using Frida
Learn Android Application Penetration Testing using the modern day tools and techniques - Good Bye to old school tools
Learn how to use Frida to invoke functions from within the App
Learn Mobile App Pentesting to begin your bug bounty journey

Course content

7 sections • 48 lectures • 4h 36m total length

Course Introduction2:46

Introduction0:50
Explore fundamental pen testing concepts for Android applications, including reverse engineering tools, traffic analysis, insecure data storage, and client-side vulnerabilities. Build a foundation for advanced topics like runtime tracing.
Introduction to Android App Pentesting2:49
Reversing Android Apps with APKTOOL9:12
Explore reverse engineering of Android applications using Apktool to disassemble, read AndroidManifest.xml, and patch apps for penetration testing, including understanding decompiled code and patching workflows.
Reversing Android Apps with dex2jar and JD-GUI4:12
Intercepting HTTP Traffic11:17
Intercepting HTTPS Traffic17:29
Insecure Data Storage vulnerabilities7:36
Expose insecure data storage in Android apps by storing tokens and bank details in shared preferences, SQLite, or internal/external storage, revealing clear text risks and potential authorization bypass.
Server Side Vulnerabilities7:18
Introduction to client side vulnerabilities1:24
Weak Crypto and Authorization Vulnerabilties7:01
Exported Application Components14:27
Insecure Logging2:04
Client Side Injection4:09
Clipboard - Copy Paste issues1:35

Introduction0:44
Introduction to client side protections in Android Apps2:55
Introduction to Frida1:46
Root Detection Bypass using Objection17:57
Insecure Local Data Storage - Revisited5:07
Client side SQL Injection - Revisited1:32
Traffic Analysis - Revisited6:22
Introduction to Frida CLI2:58
How Frida Scripts work?2:40
Creating a JavaScript template for writing Frida Scripts9:26
Enumerating loaded classes using Frida7:13
Getting class properties using Frida7:03
Bypassing Root Detection using Frida5:42
Dumping string arguments using Frida8:13
Tracing WebView calls using Frida2:49
Use a Frida script to trace Android WebView calls and capture the URLs loaded by WebView, such as about us or google.com, to analyze how the app loads content.
Introduction to end to end encryption8:31
Dumping encryption keys using Frida11:05
Learn to dump an android app's encryption key with frida and objection, tracing the script class and bytes to hex, and assessing the sha-256 based key generation.
SQL Injection with encrypted Payloads8:07
Intercept login and profile requests via a proxy to perform sql injection using the obtained encryption key, and craft payloads with server or frida scripts to encrypt and decrypt values.
Introduction to SSL Pinning5:45
Bypassing SSL Pinning using Frida12:30
Fixing errors in SSL Pinning Bypass script0:49
Reversing and Patching Android Apps to bypass SSL Pinning7:53

Requirements

The course covers all the required basics

Description

This course is created with an idea of saying Bye Bye to outdated Android application penetration testing tools and techniques. Let us learn Android Application Penetration Testing the right way with right tools and techniques.

This course introduces students to the security concepts associated with Android Apps developed using Android Programming Language. This is an intermediate level course, which begins with beginner level concepts. This course covers a variety of concepts such as Android Application structure, Reversing Android Apps, Bypassing client side restrictions such as root detection, SSL Pinning etc. This course uses two vulnerable applications developed by the instructor to demonstrate how Android App vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of Android App vulnerabilities such as Insecure Data Storage, Insecure Logging, Weak Jailbreak detection, insecure end to end encryption, SQL Injection etc.

The best part of the course is that you will get a detailed understanding of how to trace an Android app's runtime and write a bunch of Frida scripts to pentest the target applications. The best part of the course is that you will get a detailed understanding of how to trace an Android app's runtime and write a bunch of Frida scripts to pentest the target applications.

Who this course is for:

Penetration Testers
Mobile Application Developers
Security professionals who are interested in Mobile App Security
Anyone who is interested in ethical hacking and penetration testing
Anyone who is interested in information security concepts

Hacking and Pentesting Android Applications

What you'll learn

Explore related topics

Course content

Course Introduction1 lecture • 3min

Introduction3 lectures • 18min

Setting up Android Pentesting Lab6 lectures • 27min

Android Application Penetration Testing - Basics14 lectures • 1hr 31min

Android Application Penetration Testing - Advanced22 lectures • 2hr 17min

Conclusion1 lecture • 1min

Bonus Section1 lecture • 1min

Requirements

Description

Who this course is for: