{"id":13842084,"url":"https://github.com/1d8/Android-Analysis","last_synced_at":"2025-07-11T14:30:29.541Z","repository":{"id":108225088,"uuid":"282781854","full_name":"1d8/Android-Analysis","owner":"1d8","description":"Getting Genymotion \u0026 Burpsuite setup for Android Mobile App Analysis","archived":false,"fork":false,"pushed_at":"2020-07-31T18:51:49.000Z","size":1226,"stargazers_count":158,"open_issues_count":1,"forks_count":32,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-08-05T17:30:35.586Z","etag":null,"topics":["android","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/1d8.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2020-07-27T03:09:46.000Z","updated_at":"2024-04-17T21:54:40.000Z","dependencies_parsed_at":"2023-07-09T04:15:29.578Z","dependency_job_id":null,"html_url":"https://github.com/1d8/Android-Analysis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1d8%2FAndroid-Analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1d8%2FAndroid-Analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1d8%2FAndroid-Analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/1d8%2FAndroid-Analysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/1d8","download_url":"https://codeload.github.com/1d8/Android-Analysis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225729838,"owners_count":17515176,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","reverse-engineering"],"created_at":"2024-08-04T17:01:27.025Z","updated_at":"2024-11-21T12:30:51.845Z","avatar_url":"https://github.com/1d8.png","language":null,"funding_links":[],"categories":["Others","Others (1002)"],"sub_categories":[],"readme":"# Setting Up An Android VM For Analyzing Mobile Applications\n\n## Download Links:\n\n* [apksigner](https://apkpure.com/apk-signer/com.haibison.apksigner/download?from=details) \n* [Google Chrome](https://www.apkmirror.com/apk/google-inc/chrome/chrome-84-0-4147-89-release/google-chrome-fast-secure-84-0-4147-89-14-android-apk-download/)\n\n## Tools Used:\n\n* Genymotion\n* BurpSuite\n* Apktools\n\n## Getting Started\n\nGenymotion will be used to set up the Android VM. Sign up for an account [here](https://www.genymotion.com/account/create/). For account creation, if you don't want to use your real information, you can use temp-mail.org for email verification. You can also install Genymotion [here](https://www.genymotion.com/download/)\n\nAfter installing Genymotion \u0026 signing in, you will be greeted with a screen like this, except yours will have no devices listed:\n\n![](/images/img1.png)\n\nClick the pink plus button then pick any device you'd like and set whatever specs you want for that device. When you get to the **Virtual Device Installation** screen (see img), leave the **Network Mode** defaulted to NAT. \n\n**NOTE**: The default amount of resources dedicated to the VMs is quite abundant, I usually set the number of processors to 1 \u0026 the ram to 2 GB. I haven't ran into any lag issues or anything of that nature.\n\n![](/images/img2.png)\n\nWhile that's installing, let's set up Burp.\n\nAfter opening Burp, go into the **proxy** tab then into the **options** tab. Add a new listener on **all interfaces** on whatever port you'd like, I chose 8080:\n\n![](/images/img3.png)\n\nNow click import/export CA certificate \u003e Export \u003e Certificate in DER format \u003e Choose a path \u0026 name it anything with a **.cer** extension \u003e Next\n\nNow let's start up our Android device \u0026 set up the proxy \u0026 install the certificate.\n\nTo install the certificate, run the following command:\n\n`/opt/genymotion/tools/adb push *certificate name* *file location to push to*`\n\nThis will use Genymotion's built-in ADB to download the certificate to the Android device. I usually just push the certificate to */sdcard*.\n\nNow go into the device's WIFI settings \u0026 click on the network that it's currently connected to. Then click the pencil in the upper right hand corner \u0026 click the **Advanced options** drop down menu \u0026 set **Proxy** to manual.\n\n![](/images/img4.png)\n\n1. For **hostname**, enter the IP address of the local machine that is running burp suite.\n\n2. For **Proxy port**, enter the port that burp is listening on.\n\nNow back out of the wifi settings, and scroll down to **Security \u0026 Location** click it, then click **Encryption \u0026 credentials**. Now click **Install from SD card** \u0026 find where you saved your certificate from earlier.\n\nGive the certificate a name:\n\n![](/images/img5.png)\n\nThen after you click ok you're greeted with a screen asking you to set up a passcode, comply \u0026 follow the following instructions:\n\n![](/images/img6.png)\n\nNow it's time to test if we are able to intercept all traffic from the device. I prefer using Chrome as I've found that the pre-installed webview that comes with Genymotion is quite buggy.\n\nYou can install the Chrome apk on your host machine [here](https://www.apkmirror.com/apk/google-inc/chrome/chrome-84-0-4147-89-release/google-chrome-fast-secure-84-0-4147-89-14-android-apk-download/)\n\nAfter the apk is installed on your host machine, simply drag \u0026 drop it into the Genymotion window and you'll get this popup on the VM:\n\n![](/images/img7.png)\n\nLaunch chrome on the device \u0026 make sure intercept is on in Burp, then go to any website and you should see the request pop up in Burp:\n\n![](/images/img8.png)\n\nBut some applications don't like user downloaded certificates, so in order to inspect web traffic for some apps we actually have to decompile the application \u0026 add a few things \u0026 recompile it\n\n## Recompiling \u0026 Decompiling\n\nFor this example, I will be using an NYC transit app which I installed from ApkPure.com\n\nFirst we decompile the app:\n`apktool d *file-name*.apk`\n\nOutput:\n\n![](/images/img9.png)\n\nThen we go into the **Manifest.xml** file \u0026 scroll down to the \u003c\\application android\u003e tag \u0026 we are going to add the following line if it isn't already there: \n\n`android:networkSecurityConfig=\"@xml/network_security_config`\n\nBefore adding:\n\n![](/images/img10.png)\n\nAfter adding:\n\n![](/images/img11.png)\n\nNow go into the **res/xml** folder \u0026 create/modify a file named network_security_config.xml with the following contents:\n\n```\n\u003cnetwork-security-config\u003e  \n      \u003cbase-config\u003e  \n            \u003ctrust-anchors\u003e  \n                \u003c!-- Trust preinstalled CAs --\u003e  \n                \u003ccertificates src=\"system\" /\u003e  \n                \u003c!-- Additionally trust user added CAs --\u003e  \n                \u003ccertificates src=\"user\" /\u003e  \n           \u003c/trust-anchors\u003e  \n      \u003c/base-config\u003e  \n \u003c/network-security-config\u003e\n```\n\nThen save the file \u0026 back out of all the directories \u0026 rebuild the apk with the following command:\n`apktool b *folder-name/* -o *output-file.apk*`\n\nOutput:\n\n![](/images/img12.png)\n\nNow use Genymotion's ADB to push the modified apk to the Android device:\n\n`/opt/genymotion/tools/adb push *file-name*.apk /sdcard`\n\nNow before you can launch this apk, it needs to be signed. This can be done with [Apksigner](https://apkpure.com/apk-signer/com.haibison.apksigner/download?from=details), simply download Apksigner \u0026 drag \u0026 drop it into the device \u0026 launch it:\n\n![](/images/img13.png)\n\nClick **sign a file** \u0026 then find the modified apk tool that was pushed onto the device. \n\nYou may have to click the 3 stacked boxes in the upper right corner \u0026 click show storage to find the modified apk:\n\n![](/images/img14.png)\n\nThen choose where you want to save your newly signed apk \u0026 click save: \n\n![](/images/img15.png)\n\nWait for the apk to be signed\n\nThen go into the Amaze file manager \u0026 go to the folder where you chose to save the apk \u0026 click on it, this will bring this screen:\n\n![](/images/img17.png)\n\nClick install. You may need to allow Amaze file explorer to install applications, just do so.\n\nNow you can intercept the mobile application's traffic \u0026 search for bugs:\n\n![](/images/img18.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1d8%2FAndroid-Analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F1d8%2FAndroid-Analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F1d8%2FAndroid-Analysis/lists"}