Mobile Security Controls

  • Root/Jailbreak Detection

  • Certificate Pinning

  • Code Obfuscation

All mobile security controls can be bypassed!

ADB Commands

List connected devices

Get shell

Install apk on the device

Bypass Root Detection

List the applications installed on the device

Disable root using Objection

Bypass Certificate Pinning

Set up proxy in Burp Suite

  • Go to Proxy tab

  • Options

  • Select the existing proxy listener and click Edit under Proxy Listeners

  • Select All interfaces

  • Yes

Set up Proxy Settings in the Mobile Device

  • Open Wi-Fi Settings

  • Advanced Options

  • Enable Manual Proxy

  • Set the proxy IP address to that of the computer running Burp (in this case, the Kali VM)

  • Set the Proxy port

Install Burp Certificate in the Mobile Device

  • Open browser

  • Visit: http://burp

  • Click on the CA Certificate button

  • Search for "Cert" in Settings

  • Click on the Install Certificate option

  • Install the certificate
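
The app-side view of the proxy and CA steps above, as an added example that is not part of the original page: an Android Network Security Configuration that trusts only system CAs and pins one host, which is why a user-installed CA alone does not make app traffic readable when the app targets Android 7.0 (API 24) or later. The host name, pin values and expiration date are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, referenced from the manifest with
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Default for every connection: no cleartext, system CA store only.
         A CA added by the user (for example a proxy CA) is not trusted. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- api.example.com is a placeholder host. -->
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <!-- Each pin is the base64 SHA-256 hash of a certificate's
             SubjectPublicKeyInfo. Both values are placeholders; the second
             is a backup key so rotation does not lock users out. -->
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">PRIMARY_SPKI_SHA256_BASE64_PLACEHOLDER=</pin>
            <pin digest="SHA-256">BACKUP_SPKI_SHA256_BASE64_PLACEHOLDER=</pin>
        </pin-set>
    </domain-config>

    <!-- Weak setting if it appears in base-config or domain-config:
         trusting user-installed CAs. Confined here, it applies only when
         the build has android:debuggable="true", and trust anchors in
         debug-overrides also override pins by default. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

This is a platform-level control enforced on the device, so it raises the effort needed to intercept traffic but does not replace server-side authorization and input validation.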

Get the Package name for the apk

Bypass SSL Pinning using Objection
