Android Application Penetration Testing | Mobile Pentesting

  • Published on 29 Jun 2024
  • Welcome to my newly made course on Android Pentesting. You gonna learn the:
    00:00 - Intro
    00:30 - Prerequisites
    04:06 - Android Architecture
    09:18 - Basic Android Terminologies
    16:10 - Inside of an APK
    22:14 - Setting up of Pentesting Lab
    50:22 - Pentest Methodology
    55:38 - OWASP Mobile Top 10
    1:10:07 - Static Analysis
    2:05:27 - Android App Signing Mechanism
    2:18:42 - Android App Traffic Interception & Analysis
    2:25:12 - Dynamic Analysis
    2:42:47 - Conclusion
    Notes link : drive.google.com/file/d/17-p1...
    Note: I haven't covered tools like Drozer, QARK, Frida & Objection as this video is for beginners and folks who just want to start their career in Mobile Pentesting. In my next videos, I'll surely cover those. :)
    💥Connect Me At💥
    🌍LinkedIn: / h0tplug1n
    🌍Instagram: / h0tplug1n
    🌍Facebook: profile.php?...
    🌍Github: github.com/h0tPlug1n/
    🌍TryHackMe: tryhackme.com/p/sabyasachipaul
    🌍Medium: / h0tplug1n
    🌍Linktree: linktr.ee/h0tPlug1n
    🌍Twitter: / h0tplug1n
    🌍Discord: h0tPlug1n
  • Science & Technology

Comments • 56

  • @h0tPlug1n
    @h0tPlug1n  1 year ago

    At 1:52:43, if anyone has a problem understanding it: we are asking the activity manager to start an activity (represented by -a) named VIEW_CREDS2, and it is to be shown by dumping the activity (represented by -n) named APICreds2Activity. Also, use an extra variable (represented as e) whose datatype would be boolean (represented by z) named check_pin and keep its value as false (represented as --ez check_pin false).
    So, in summary, in order to directly fetch VIEW_CREDS we need to give the pin, so providing its value as false, and to get the VIEW_CREDS we need to fetch it via APICreds2Activity. So, we dumped or rather pre-executed APICreds2Activity in order to fetch VIEW_CREDS.
    At least this is what I've understood.. If there's any other explanation then do let me know... I always look forward to learning more. 🤗🤗
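
A defensive counterpart to the command discussed in the comment above, as an added example that is not part of the comment or the video: it lists activities in a decoded AndroidManifest.xml that any app or `adb shell am start` can launch without holding a permission. The manifest is constructed for illustration; the package name `com.example.app`, the action prefix and the other two activities are assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest (decoded XML, e.g. from apktool output).
# Package name and layout are placeholders; the action and activity names
# echo the ones mentioned in the comment above.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".APICreds2Activity">
      <intent-filter>
        <action android:name="com.example.app.action.VIEW_CREDS2"/>
        <category android:name="android.intent.category.DEFAULT"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""


def externally_startable(manifest_xml):
    """Return [(activity, actions)] for activities that can be started from
    outside the app with no permission. Launcher entry points are skipped."""
    findings = []
    for act in ET.fromstring(manifest_xml).iter("activity"):
        filters = act.findall("intent-filter")
        exported = act.get(A + "exported")
        # Before Android 12 an intent-filter implied exported="true".
        is_exported = exported == "true" or (exported is None and bool(filters))
        if not is_exported or act.get(A + "permission"):
            continue
        cats = {c.get(A + "name") for f in filters for c in f.findall("category")}
        if "android.intent.category.LAUNCHER" in cats:
            continue
        actions = [a.get(A + "name") for f in filters for a in f.findall("action")]
        findings.append((act.get(A + "name"), actions))
    return findings


if __name__ == "__main__":
    for name, actions in externally_startable(SAMPLE_MANIFEST):
        print(f"{name}: startable via {actions}; never gate secrets on intent extras")
```

An activity flagged here should either be marked `android:exported="false"`, be protected with a permission, or enforce its check inside the activity rather than trusting a caller-supplied extra.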

  • @tomaszwysocki3042
    @tomaszwysocki3042 6 months ago +2

    Great material, you're doing a good job on youtube, keep up the good work 🙂

  • @anirbanroy6309
    @anirbanroy6309 6 months ago

    Your sacrifices don't go unnoticed.

  • @radharamandwivedi7609
    @radharamandwivedi7609 1 day ago

    Nice video, I would like to add that for path variables don't put path outside of folder, go inside and then put that address on env variables

  • @ArifAliKhan-vc3nq
    @ArifAliKhan-vc3nq 3 months ago

    Appreciate your hard work to clarify the basics of Android PT. I really wish I could this video during my initial career. Nice Attempt bro keep it up. All the Best for your future!!

  • @SatouSei13
    @SatouSei13 1 year ago +3

    Thank you so much for this video.
    The way you explain and then give us examples makes it a lot easier to understand the concepts. 🙌

  • @viral_codes
    @viral_codes 1 year ago

    Thanks for the great video, please make more videos, your way of teaching is really good, pure quality content

    • @h0tPlug1n
      @h0tPlug1n  1 year ago +2

      Hi, glad u liked the video. Just preparing something surprising for my viewers. After it gets completed I'll definitely drop a fantastic Android Pentesting video ...

  • @sayednizamuddeen1220
    @sayednizamuddeen1220 4 months ago

    Hi Sabyasachi did a fantastic explanation for Android.. good understanding theoretical and labs

  • @vkshetty990
    @vkshetty990 1 month ago

    this video is life saver bro 😎😎😎😎

  • @yashpharande2386
    @yashpharande2386 3 months ago

    Great Content, please do a follow up with more advanced concepts!

  • @surojitmaity2397
    @surojitmaity2397 8 months ago

    nice explanation, it helps..

  • @hamzatoubat93
    @hamzatoubat93 2 months ago

    You are the best, thank you

    • @h0tPlug1n
      @h0tPlug1n  2 months ago

      Thank you 🥹🙏

  • @asantoshkumarachary2692
    @asantoshkumarachary2692 1 year ago

    You are a great teacher❤

    • @h0tPlug1n
      @h0tPlug1n  1 year ago

      Thank you so very much 💗

  • @optionroots
    @optionroots 1 year ago +2

    Hi, sabyasachi you did a great Job for beginners who can easily deep dive into APT field , do one thing more just to provide these APKs for download so we did all stuffs as a practice ...thanks for such a great video 😊👌

    • @abhizala
      @abhizala 1 year ago +2

      Those are available on his GitHub, check for the github profile link in the description, browse the repo.

  • @abhizala
    @abhizala 1 year ago +2

    Great video, just to let anyone who watches this video know that, signing the app with SHA1 is now deprecated so SHA 2 is recommended, like "jarsigner -verbose -sigalg SHA256withRSA -digestalg SHA-256 -keystore cert.keys unsigned.apk aliasName"

  • @chandrasekharyerragudi8985
    @chandrasekharyerragudi8985 7 months ago

    Good information

  • @toplist3257
    @toplist3257 1 year ago +5

    Thank you so much for making it available for free brother, people like me have a huge constraint on budget, is there any other material you would recommend for me to study

    • @h0tPlug1n
      @h0tPlug1n  1 year ago +4

      I'm just kinda busy with my college works... Once I'm free I am gonna pour a lot into this channel... Every precious thing is going to be free.... But it's gonna take some time..

  • @mangeshmatke9
    @mangeshmatke9 4 months ago

    Good video bro

  • @hmlokman2005
    @hmlokman2005 2 years ago +2

    thanks

  • @laxmansinghkasana2
    @laxmansinghkasana2 10 months ago +1

    Guruji, how do I find an application's process ID with adb?
    It is not working with this command 👉👉adb shell ps | grep -i
    If there is a tool or a command for it, please tell me.

  • @shba9300
    @shba9300 1 year ago

    Thanks for the helpful tutorial,
    I just have an issue now: I want to test an application within Microsoft Dynamics 365 but every time I try to run the application I get a message saying my device is not healthy and rooted. Is the emulator unrooted or what can I do? I'm lost, help me please.

  • @pinky5454
    @pinky5454 9 months ago

    Please upload the video for apks analysis with AndroPyTool and Android Studio Emulator.

  • @sudesh6807
    @sudesh6807 1 year ago

    Is this vulnerability still applicable if we build the app with pro-guard and minification enabled?

  • @nandheeshganeshkumar4087
    @nandheeshganeshkumar4087 1 month ago

    Hi, I am not able to install the google build android tools

  • @davinder1910singh
    @davinder1910singh 6 months ago

    I need help, unable to connect to kali running on vb using adb command. Please help

  • @Cr-zw3mv
    @Cr-zw3mv 3 months ago

    Please I want the link of virtualization video

  • @sayaliranaware9746
    @sayaliranaware9746 1 year ago

    Hello sabyasachi. Greetings to you! Thanks for this video. Can you make a 2nd part ASAP?? I want to learn about Drozer, QARK, Frida & Objection. Thanks in advance.

    • @h0tPlug1n
      @h0tPlug1n  1 year ago +2

      Hi, I've actually received many DMs stating about the same. Once I am done with other workloads I'll definitely make a video out of it. Don't worry there is actually something big going to come for all my viewers. :)

    • @abhiram8398
      @abhiram8398 1 year ago

      @@h0tPlug1n Hi. we are still waiting. pls upload it asap

    • @AkshayBhuj
      @AkshayBhuj 9 months ago

      still waiting...@@h0tPlug1n

  • @ryoutomo1175
    @ryoutomo1175 1 year ago

    hi mr, can you share link download about tools mr?🙏

  • @sudipghevade2937
    @sudipghevade2937 4 months ago

    Sir I did not get emulator file in my system can you pls help

  • @vennividdivicci
    @vennividdivicci 1 year ago

    When I try the adb pull command at 1:33:00 it says permission denied?

    • @davinder1910singh
      @davinder1910singh 6 months ago

      Alternatively, you can move the file to the sdcard and then pull it.

  • @AmanPatel-rw3fm
    @AmanPatel-rw3fm 2 years ago +2

    can we get notes ??

    • @h0tPlug1n
      @h0tPlug1n  2 years ago +2

      sure. I have provided the link in the description box.

    • @AmanPatel-rw3fm
      @AmanPatel-rw3fm 2 years ago +1

      @@h0tPlug1n thank you and this video was awesome . 🥰

    • @AmanPatel-rw3fm
      @AmanPatel-rw3fm 1 year ago +1

      Waiting for more dynamic analysis videos.

  • @bhanuchandher3764
    @bhanuchandher3764 1 month ago +1

    is this the full course ?

    • @h0tPlug1n
      @h0tPlug1n  1 month ago +1

      Sadly nope... I am working on making a complete one.. It will take some time.. 😥

    • @bhanuchandher3764
      @bhanuchandher3764 1 month ago

      @@h0tPlug1n What else still remaining?????????????? topics

    • @bhanuchandher3764
      @bhanuchandher3764 1 month ago +1

      @@h0tPlug1n what r the remaining topics ?????????

  • @akki_talks
    @akki_talks 3 months ago +2

    1: at 55:01 if MobSF is not giving link to open it in browser run in different terminal --> pkill gunicorn
    then again run --> ./run.sh
    2: will add if any issue & other solution I get later
