About Course
This course is created with an idea of saying Bye Bye to outdated Android application penetration testing tools and techniques. Let us learn Android Application Penetration Testing the right way with right tools and techniques.
This course introduces students to the security concepts associated with Android Apps developed using Android Programming Language. This is an intermediate level course, which begins with beginner level concepts. This course covers a variety of concepts such as Android Application structure, Reversing Android Apps, Bypassing client side restrictions such as root detection, SSL Pinning etc. This course uses two vulnerable applications developed by the instructor to demonstrate how Android App vulnerabilities can be identified and exploited. This course teaches you how to identify a variety of Android App vulnerabilities such as Insecure Data Storage, Insecure Logging, Weak Jailbreak detection, insecure end to end encryption, SQL Injection etc.
The best part of the course is that you will get a detailed understanding of how to trace an Android app's runtime and write a bunch of Frida scripts to pentest the target applications.
What do you learn?
Learn the fundamentals of Android application penetration testing
Learn how to patch Android Apps using apktool to bypass SSL Pinning
Learn how to trace crypto calls made by an Android app using Frida
Learn how to use Frida to invoke functions from within the App
Learn how to Reverse Engineer Android Apps
Learn how to bypass Jailbreak detection in Android Apps using objection
Learn Android Application Penetration Testing using the modern day tools and techniques - Good Bye to old school tools
Learn Mobile App Pentesting to begin your bug bounty journey
Prerequisite
This course covers all the required basics
penetration testing knowledge is good to have
Who is this course for?
Penetration testers
Mobile Application Developers
Security professionals who are interested in Mobile App Security
Anyone who is interested in ethical hacking and penetration testing
Anyone who is interested in information security concepts
Course Curriculum
- Introduction (0:50)
- Introduction to Android App Pentesting (2:49)
- Reversing Android Apps with APKTOOL (9:12)
- Reversing Android Apps with dex2jar and JD-GUI (4:12)
- Intercepting HTTP Traffic (11:16)
- Intercepting HTTPS Traffic (17:29)
- Insecure Data Storage vulnerabilities (7:36)
- Server Side Vulnerabilities (7:18)
- Introduction to client side vulnerabilities (1:24)
- Weak Crypto and Authorization Vulnerabilties (7:00)
- Exported Application Components (14:27)
- Insecure Logging (2:04)
- Client Side Injection (4:09)
- Clipboard - Copy Paste issues (1:35)
- Introduction (0:44)
- Introduction to client side protections in Android Apps (2:55)
- Introduction to Frida (1:46)
- Root Detection Bypass using Objection (17:57)
- Insecure Local Data Storage - Revisited (5:07)
- Client side SQL Injection - Revisited (1:32)
- Traffic Analysis - Revisited (6:22)
- Introduction to Frida CLI (2:58)
- How Frida Scripts work? (2:40)
- Creating a JavaScript template for writing Frida Scripts (9:26)
- Enumerating loaded classes using Frida (7:13)
- Getting class properties using Frida (7:03)
- Bypassing Root Detection using Frida (5:42)
- Dumping string arguments using Frida (8:13)
- Tracing WebView calls using Frida (2:49)
- Introduction to end to end encryption (8:30)
- Dumping encryption keys using Frida (11:05)
- SQL Injection with encrypted Payloads (8:07)
- Introduction to SSL Pinning (5:45)
- Bypassing SSL Pinning using Frida (12:30)
- Fixing errors in SSL Pinning Bypass script (0:49)
- Reversing and Patching Android Apps to bypass SSL Pinning (7:53)