Learning Penetration Testing of Android Applications
Switch branches/tags
Nothing to show
Clone or download
Latest commit 67ddc81 Aug 5, 2017

README.md

owasp-workshop-android-pentest

Learning Penetration Testing of Android Applications

How to start with Android Application Pentesting?

AndroidVM

The should be very easy. We configured two virtual machines with all tools you need here:

  • https://drive.google.com/open?id=0BwhtuArcTcxMWlhvTW5SYkFsbWc
    • OWASP Android VM.ova - Android 5 VM for the Android App Pentest Workshop (SHA256 236917e4953af0b336f373e72e63946a96ade543107f32acf88df12d9e79755a)
    • OWASP Ruhrpott.ova - Ubuntu based VM for the OWASP Android App Pentest Workshop (SHA256 419e7161172b8270cc2c83f7957a4311b57a63f5229cac4d082c4fec6007dd59)

Requirements

The following are hardware and software recommendations:

  • Linux / Windows / Mac Operating System
  • Oracle VirtualBox (in a recent version)
  • 25 GB of storage on your hard drive
  • >4 GB RAM

Setup

  1. After you downloaded the two VMs import them in VirtualBox via File -> Import Appliance ....
  2. Configure the the DHCP of VirtualBox to allow configure the internal network:
    1. VBoxManage dhcpserver add --netname intnet --ip 10.13.13.100 --netmask 255.255.255.0 --lowerip 10.13.13.101 --upperip 10.13.13.254 --enable
  3. Start the Android VM first and wait until it is booted, this ensures that the it will have the IP 10.13.13.101. (PIN: 0000)
  4. Start the OWASP VM. It will should have the IP 10.13.13.102. (pentester:owasp2017)
  5. You are now ready to start with the challenges.

Workshops

This repository was used in previous Workshops and the following table is used to reference them:

What Where When Slides Link
OWASP Stammtisch Ruhrpott Essen, Germany 31.01.17 Slides Wiki
OWASP Stammtisch Ruhrpott Essen, Germany 04.03.17 Slides Wiki
SHA2017 Zeewolde, Netherlands 05.08.17 Slides Link

It would be nice if you give us a small notice, when you are doing a workshop with our project so we can reference it here.

Contribute

You can contribute via a pull request or an issue with a bug or a feature request. Please keep in mind that we are developing this project in our free time so a response might take some time. To contribute with challenges see the CONTRIBUTING.md file.

Solutions

In the case you are get stuck with a challenge, see the wiki for hints.