https://github.com/rodolfomarianocy/tricks-pentest-android-and-ios-applications

Some Useful Tricks for Pentest Android and iOS Apps
android attack exploitation hacking hacking-mobile ios mobile penetration-testing pentest pentest-android pentest-ios pentesting tips tricks vulnerability

Tricks - Mobile Penetration Tester (Android and iOS)




[x] In construction...

## Tricks Pentest Mobile - Android [Topics]
- [Basic Apps Android](basic_apps_android.md)
  - [Android Architecture](basic_apps_android.md#android-architecture)
  - [Configuring Emulated Environment](basic_apps_android.md#configuring-the-emulated-environment)
  - [Communication with ADB (Android Debug Mode)](basic_apps_android.md#communication-with-adb-android-debug-mode)
  - [Extract and Install apk](basic_apps_android.md#extract-and-install-apk)

- [Reverse Engineering Android](reverse_engineering_android.md)
  - [Sign the app](reverse_engineering_android.md#sign-the-app)
  - [Install .aab](reverse_engineering_android.md#install-aab)
  - [Smali Assembler and Disassembler](reverse_engineering_android.md#generate-smali)
  - [Dex to Java Decompiler](reverse_engineering_android.md#smali-assembler-and-disassembler)
  - [Reverse Engineering React Native in Bundle](reverse_engineering_android.md#reverse-engineering-react-native-in-bundle)
  - [Dump Information About an Object File - Lib](reverse_engineering_android.md#dump-information-about-an-object-file---lib)

- [Intercepting Traffic in Android Apps](intercepting_traffic_in_android_apps.md)
  - [Configuring Proxy](intercepting_traffic_in_android_apps.md#configuring-proxy)
  - [Adding Certificate to User](intercepting_traffic_in_android_apps.md#adding-certificate-to-user)
  - [Adding Certificate to the System](intercepting_traffic_in_android_apps.md#adding-certificate-to-the-system)
  - [Intercepting Mobile Apps in Flutter](intercepting_traffic_in_android_apps.md#intercepting-mobile-apps-in-flutter)

- [Magisk Tricks](magisk_tricks.md)
  - [Root AVD with Magisk - Emulated Environment](magisk_tricks.md#root-avd-with-magisk---emulated-environment)
  - [Plugins to automate recurring actions](magisk_tricks.md#plugins-to-automate-recurring-actions)

- [Hooking with Frida and Objection on Android](hooking-frida-objection-android.md)
  - [Install and Configure Frida and Objection](hooking-frida-objection-android.md#install-and-configure-frida-and-objection)
  - [Frida Tricks](hooking-frida-objection-android.md#frida-tricks)
  - [Objection Tricks](hooking-frida-objection-android.md#objection-tricks)
  - [Frida Scripts for Enumeration](hooking-frida-objection-android.md#frida-scripts-for-enumeration)

- [Client-Side Protections - Android](client_side_protections_android.md)
  - [Anti-Root Bypass](client_side_protections_android.md#anti-root-bypass)
  - [Anti-Emulator Bypass](client_side_protections_android.md#anti-emulator-bypass)
  - [SSL Pinning Bypass](client_side_protections_android.md#ssl-pinning-bypass)
  - [End-to-End Encryption Bypass](client_side_protections_android.md#end-to-end-encryption-bypass)
  - [Anti-Debugging Bypass](client_side_protections_android.md#anti-debugging-bypass)
  - [Anti-Frida Bypass](client_side_protections_android.md#anti-frida-bypass)
  - [Flag Secure Bypass](client_side_protections_android.md#flag-secure-bypass)

- [Access Control Android](access_control_android.md)
  - [Activity Exploitation](access_control_android.md#activity-exploitation)
  - [Content Provider Exploitation](access_control_android.md#content-provider-exploitation)
  - [Android Debug Mode Enabled](access_control_android.md#android-debug-mode-enabled)
  - [Crack Android Pattern Lock](access_control_android.md#crack-android-pattern-lock)

- [Insecure Data Storage Android](insecure_data_storage_android.md)
  - [SQLite Databases](insecure_data_storage_android.md#databases)
  - [Shared Preferences](insecure_data_storage_android.md#shared-preferences)
  - [Internal Storage](insecure_data_storage_android.md#internal-storage)
  - [External Storage](insecure_data_storage_android.md#external-storage)
  - [Backups for Sensitive Data](insecure_data_storage_android.md#backups-for-sensitive-data)
  - [Dumping memory for Sensitive Data](insecure_data_storage_android.md#dumping-memory-for-sensitive-data)
  - [Keystore](insecure_data_storage_android.md#keystore)

## Tricks Pentest Mobile - iOS [Topics]
- [Basic Apps iOS](basic_apps_ios.md)
  - [iOS Architecture](basic_apps_ios.md#ios-architecture)
  - [Extracting a Decrypted .ipa from a Jailbroken Device](basic_apps_ios.md#extracting-a-decrypted-ipa-from-a-jailbroken-device)
  - [Install/Uninstall an ipa](basic_apps_ios.md#installuninstall-an-ipa)

- [Reverse Engineering iOS](reverse_engineering_ios.md)
  - [Signing and Installing a Third-Party iOS Application - Require MacOS](reverse_engineering_ios.md#signing-and-installing-a-third-party-ios-application---require-macos)
  - [Assembler and Disassembler](reverse_engineering_ios.md#assembler-and-disassembler)
  - [Dumping Class Information in Objective-C](reverse_engineering_ios.md#dumping-class-information-in-objective-c)
  - [Using swift-demangle](reverse_engineering_ios.md#using-swift-demangle)

- [Intercepting Traffic in iOS Apps](intercepting_traffic_in_ios_apps.md)
  - [Configuring Proxy](intercepting_traffic_in_ios_apps.md#configuring-proxy)
  - [Adding Certificate to User](intercepting_traffic_in_ios_apps.md#adding-certificate-to-user)
  - [Adding Certificate to System](intercepting_traffic_in_ios_apps.md#adding-certificate-to-system)

- [Jailbreak Information](jailbreak_information.md)
  - [Jailbreak Types (Untethered, Semi-Untethered, Semi-Tethered, Tethered)](jailbreak_information.md#jailbreak-types-untethered-semi-untethered-semi-tethered-tethered)
  - [Jailbreak Methods (Rootful, Rootless)](jailbreak_information.md#jailbreak-methods-rootful-rootless)
  - [Communicating with your Jailbroken Device](jailbreak_information.md#communicating-with-your-jailbroken-device)

- [Hooking with Frida and Objection on iOS](hooking-frida-objection-ios.md)
  - [Install and Configure Frida and Objection](hooking-frida-objection-ios.md#install-and-configure-frida-and-objection)
  - [Frida Tricks](hooking-frida-objection-ios.md#frida-tricks)
  - [Patching .ipa - Objection (non Jailbroken) - Require MacOS](patching-ipa---objection-non-jailbroken---require-macos)
  - [Objection Tricks](hooking-frida-objection-ios.md#objection-tricks)
  - [Frida Scripts for Enumeration](hooking-frida-objection-ios.md#frida-scripts-for-enumeration)

- [Client-Side Protections - iOS](client_side_protections_ios.md)
  - [Anti-Jailbreak Bypass](client_side_protections_ios.md#anti-jailbreak-bypass)
  - [Anti-Emulator Bypass](client_side_protections_ios.md#anti-emulator-bypass)
  - [SSL Pinning Bypass](client_side_protections_ios.md#ssl-pinning-bypass)
  - [Anti-Frida Bypass](client_side_protections_ios.md#anti-frida-bypass)
  - [End-to-End Encryption Bypass](client_side_protections_ios.md#end-to-end-encryption-bypass)

- [Insecure Data Storage - iOS](insecure_data_storage_ios.md)
  - [NSUserDefaults/UserDefaults](insecure_data_storage_ios.md#nsuserdefaultsuserdefaults)
  - [PList Files](insecure_data_storage_ios.md#plist-files)
  - [SQLite](insecure_data_storage_ios.md#sqlite)
  - [Core Data](insecure_data_storage_ios.md#core-data)
  - [Dumping Memory for Sensitive Data](insecure_data_storage_ios.md#dumping-memory-for-sensitive-data)
  - [Keychain](insecure_data_storage_ios.md#keychain)
  - [Backup](insecure_data_storage_ios.md#backup)
  - [Realm](insecure_data_storage_ios.md#realm)
  - [Cache](insecure_data_storage_ios.md#cache)

## Tricks Pentest Mobile - General [Topics]
- [Creating Scripts in Frida](creating_scripts_frida.md)
  - [Hook and Java Reflection](creating_scripts_frida.md#hooking-and-java-reflection)
  - [Structure for Creating the Script in Frida](structure-for-creating-the-script-in-frida)
  - [Hands-On Scripts](creating_scripts_frida.md#hands-on-scripts)
- [Misconfigured Google Maps API Key Hardcoded](misconfigured_google_maps_api_key_hardcoded.md#misconfigured-google-maps-api-key-hardcoded)
- [Facilitating Tools](facilitating_tools.md#facilitating-tools)
  - [Mobile Security Framework (MobSF) [Android/iOS]](facilitating_tools.md#mobile-security-framework-mobsf-androidios)
  - [scrcpy - screen copy [Android]](facilitating_tools.md#scrcpy---screen-copy-android)
  - [3uTools - Useful Apple Mobile Device Management Tool [iOS]](facilitating_tools.md#3utools---useful-apple-mobile-device-management-tool-ios)
  - [Frida iOS hook - Tool to help Frida more easily](facilitating_tools.md#frida-ios-hook---tool-to-help-frida-more-easily)
  - [Grapefruit - iOS runtime application instrumentation tool based on frida](facilitating_tools.md#grapefruit---ios-runtime-application-instrumentation-tool-based-on-frida)
  - [Runtime Mobile Security (RMS) - developed by FRIDA, it is a web interface that helps manipulate Android and iOS applications at runtime](facilitating_tools.md#runtime-mobile-security-rms---developed-by-frida-it-is-a-web-interface-that-helps-manipulate-android-and-ios-applications-at-runtime)
  - [Quick Android Review Kit [Android] - for searching for vulnerabilities in apps, capable of generating PoC's through the creation of deployable APKs and/or ADB commands for exploitation](facilitating_tools.md#quick-android-review-kit-android---for-searching-for-vulnerabilities-in-apps-capable-of-generating-pocs-through-the-creation-of-deployable-apks-andor-adb-commands-for-exploitation)
  - [Pithus - Mobile threat intelligence for the masses [Android/iOS]](facilitating_tools.md#pithus---mobile-threat-intelligence-for-the-masses-androidios)
  - [libimobiledevice - "A cross-platform FOSS library written in C to communicate with iOS devices natively" [iOS]](facilitating_tools.md#libimobiledevice---a-cross-platform-foss-library-written-in-c-to-communicate-with-ios-devices-natively-ios)
- [TLS and mTLS](tls_and_mtls.md)
- [Open Source Projects for Protection in Mobile Apps](open_source_projects_protections_mobile_apps.md)
- [Hands-on Labs](hands_on_labs.md)
  - [InsecureBankv2 [Android]](hands_on_labs.md#insecurebankv2-android)
  - [Damn Vulnerable Bank [Android]](hands_on_labs.md#damn-vulnerable-bank-android)
  - [goatdroid.apk [Android]](hands_on_labs.md#goatdroidapk-android)
  - [OVAA (Oversecured Vulnerable Android App) [Android]](hands_on_labs.md#ovaa-oversecured-vulnerable-android-app-android)
  - [EVABS (Extremely Vulnerable Android Labs) [Android]](hands_on_labs.md#evabs-extremely-vulnerable-android-labs-android)
  - [Insecureshop [Android]](hands_on_labs.md#insecureshop-android)
  - [Allsafe [Android]](hands_on_labs.md#allsafe-android)
  - [DVIA-v2 [iOS]](hands_on_labs.md#dvia-v2-ios)
  - [DVIA [iOS]](hands_on_labs.md#dvia-ios)
  - [OWASP iGoat (Swift) [iOS]](hands_on_labs.md#owasp-igoat-swift-ios)
  - [Oversecured Vulnerable iOS App [iOS]](hands_on_labs.md#oversecured-vulnerable-ios-app-ios)
  - [UnSAFE Bank [Android/iOS]](hands_on_labs.md#unsafe-bank-androidios)