Hey there, this tutorial will guide you in setting up an android virtual device (AVD) in your machine to pen test mobile applications. I will also provide some useful commands to help you in a couple of additional commands at the end that you will probably come across when doing your tests, and you can follow this tutorial on your Mac or Windows devices.
At the end of the post, we will achieve:
- Android R (11) AVD
- Rooted/Jailbreak AVD
- Global System certificate installed in the AVD
- Frida Server installed in the AVD
- Https traffic captured through OWASP ZAP
Necessary files & applications:
- Android Studio (2020.3.1)
- SDK Platform Tools (31.0.3)
- rootAVD (October 2021)
- Magisk Trust User Certs (v0.4.1)
- ZAP (2.11.0 | or your preferred proxy)
Notes: 1. If you are having problems with your environment, I strongly recommend you uninstall Android Studio and remove all AVD images files, as our first step will cover. 2. By the date of that tutorial, the Postman proxy was not working with my environment. 3. My environment was tested with the highlighted versions above, so please use the same version if you have any problems. 4. Download the zip option on the Magisk Trust User Certs page.
Step 1 (optional) - Uninstall Android Studio & Remove AVD Images
I recommend that you at least remove all the AVD images from your system because only clean images will work with the rootAVD code. Android Studio can also create configuration files that occasionally cause issues in your deployment, but it is rarer than the device images.
The AVD images are located in C:\Users%USERNAME%\AppData\Local\Android\Sdk\system-image. Delete all the images that you will use. In our case, we are working with the Android API 30.
Step 2 - Install Android Studio
- Install Android Studio on your device, which will be used to configure and emulate our AVDs.
Step 3 - Install SDK Platform Tools (ADB)
- Unzip the file you have downloaded from the link above and rename it to “adb”.
- Move the “adb” folder to the “C:/”
- Search for “This PC” in your windows search and click on “Properties”. On the left menu, access “Advanced system settings” and then select the “Path” row in the “Users variables for %USERNAME%”. Click on “Edit…” above the “Users variables for %USERNAME%” section and then hit “New” to add a path. In the new window, type “C:\adb” and save it.
Step 4 - Prepare rootAVD
- Unzip the rootAVD file.
Step 5 - Create an AVD
- Open Android Studio and click on “AVD Manager” .
- Click on “+ Create Virtual Device…”.
- Create a Google Pixel 3 XL with Android R (API 30).
- You can change the name of the device.
- Do not change any further configuration.
Step 6 - root/Jailbreak the AVD
- Open a CMD prompt terminal in your device.
- Access the rootAVD folder (if it is in your downloads folder, follow the command below).
cd C:\Users\%USERNAME%\Downloads\root-AVD-master
- Run the rootAVD script as below.
- The command will automatically turn your AVD off, so no panic.
rootAVD.bat C:\Users\%USERNAME%\AppData\Local\Android\Sdk\system-images\android-30\google_apis\x86\ramdisk.img
- Turn on the AVD once the command finishes.
Step 7 - Install Frida Server & Always Trust User Certs
- In the AVD, open the Magisk app and go to the plugin section.
- Search for MagiskFrida plugin and follow the prompts to install it.
- Send the Magisk Trust User Certs zip file to the AVD as per the command below.
cd C:/Users/%USERNAME%/Downloads
adb push .\AlwaysTrustUserCerts.zip /sdcard/Download
adb push is used to send files to your connected Android devices.
- In the AVD open the Magisk app and go to the plugin section, and select install from local files.
- Follow the prompt window to select and install Always Trust User Certs.
Step 8 - Install proxy certificates
- Send the certificate to the Android device
adb push .\owasp.cer /sdcard/Download
- Install the certificate in the AVD in Security>Encryption & credentials>Install a certificate.
- Follow the prompt window to select the certificate and complete the installation.
Step 9 - Configure AVD proxy
- In the AVD point the proxy to OWASP ZAP.
Step 10 - All done! & Extra commands
Now you have an environment to pent test mobile applications on your computer, and here are some useful commands for you:
- If you want to know which devices are connected to your machine, use:
adb devices
- If your devices do not show up in the list, try:
adb reload
Thank you, and see you in my next post.