Android Pentesting with Genymotion and Burp

February 15, 2021
Mobile pentests

Our previous blog post (without Genymotion) and getting started guide is here.

Download & Install Genymotion (Android Emulator)

Download and follow prompts, https://www.genymotion.com/download/

Graphical user interface, text, application, chat or text messageDescription automatically generated

Choose a device and API version. I’m using API version 8.0 for this setup.

Graphical user interfaceDescription automatically generated

Install ARM translation tool for Genymotion

Genymotion is x86-based, so if you try to install an application including ARM code on any Genymotion device, you will get an error that you wouldn’t get it on a physical device.

Failure [INSTALL_FAILED_NO_MATCHING_ABIS: Failed to extract native libraries, res=-113]

To avoid the error message, install ARM translation tool that match your API level. In this case, I installed 8.0 version.

https://github.com/m9rco/Genymotion_ARM_Translation

Start the device and install Burp CA Certificate

Download and install burp suite if you don’t have it installed, https://portswigger.net/burp/communitydownload

Download burp certificate from ProxyàOptionsàImport/export CA Certificate

Download and rename it to .cer format

Graphical user interface, text, application, emailDescription automatically generated

Drag and drop to Genymotion emulator and it will be stored under /sdcard/Downloads folder.

Graphical user interface, application, TeamsDescription automatically generated

Install the certificate, default values work fine. You will be prompted to setup a security PIN.

Setup manual proxy in Genymotion & Burp

Graphical user interface, applicationDescription automatically generated

Setup Burp proxy via ProxyàOptionsàAdd. Select All Interfaces and specify proxy port.

Graphical user interface, text, application, emailDescription automatically generated

Setup proxy in Genymotion via:

SettingsàNetwork & InternetàWi-fiàLong click & hold AndroidWifiàModify networkà<<Local IP and Proxy port>>

Graphical user interface, text, applicationDescription automatically generated

Bingo, you are now setup to intercept all traffic between your Android application and server.

Install ADB via brew

brew install android-platform-tools

adb devices

TextDescription automatically generated

Download APK file

Download target application and install on Android emulator

A quick and easy way to download Android APK file is via Chrome extension:

Graphical user interface, text, application, emailDescription automatically generated

Once you have the APK file, just drag and drop to Genymotion or issue command:

adb install <<filename.apk>>

Intercept the traffic

You should now be able to intercept the traffic for your target Android application.

Graphical user interfaceDescription automatically generated with medium confidence

Happy Hacking !!!

Share this post
Wordpress Security
Malware Analysis
Tools & Techniques
Pentests
PTaaS
Cyber Security
Technology
Subscribe to our newsletter

Join our newsletter today and enhance your knowledge with valuable insights. It's quick, easy, and free!

Be a Team Player
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Latest blogs

Latest updates in cybersecurity services

View All
Blacklock Blog Image
Wordpress CMS Security
June 9, 2016
Wordpress CMS Security
Tools & Techniques
August 8, 2014
Tools & Techniques