Mobile apps are great targets for anyone interested in hacking APIs.

Mobile apps will often connect to a supporting web application through an API. By intercepting and reviewing the traffic with a tool like Burp Suite, you can get a pretty good understanding of how the API works and, if you’re lucky, spot some vulnerabilities.

As a matter of fact, you may want to check out this classic talk by Alissa Knight for Bugcrowd’s LevelUpX series explaining how she tested some fintech mobile apps and their supporting APIs and found hardcoded keys and tokens among other vulnerabilities.

So how does that work? Well, you need an Android emulator on your PC, whose traffic you can proxy through Burp Suite (hacking iOS apps requires a different workflow altogether that I won’t go into here). On the emulator, you can either install your target apps directly using the Google Play Store, or use apps that you will have extracted as an APK file from an existing Android phone using APK Extractor.

There are a number of Android emulators around, such as Genymotion or Anbox. However, the one that worked best for me is Android Studio. It’s actually a full development environment for Android apps that includes an Android emulator.

This is how you install it on a Linux system:

Get the app from the Android Studio download page and save it to your home directory.