# Start emulator and install burp cert

For the original guide, see [here](https://medium.com/mii-cybersec/how-to-connect-burp-suite-to-an-android-emulator-9da19b0ad2c3).

```sh
# Start the emulator with a writable /system and all traffic sent to the Burp proxy.
# This command stays in the foreground; run the adb commands from a second terminal.
emulator -netdelay none -netspeed full -avd Pixel_2_XL_API_27_2 -qt-hide-window -grpc-use-token -idle-grpc-timeout 300 -http-proxy http://192.168.0.171:8081 -debug-proxy -writable-system

adb root
sleep 2
adb remount   # remounts /system read-write (needs -writable-system above)
adb push Downloads/sparapp/9a5ba575.0 /storage/emulated/0/
adb shell "mv /storage/emulated/0/9a5ba575.0 /system/etc/security/cacerts"
adb shell "chmod 644 /system/etc/security/cacerts/9a5ba575.0"
adb shell "chown root:root /system/etc/security/cacerts/9a5ba575.0"
adb shell "ls -lah /system/etc/security/cacerts/9a5ba575.0"   # verify name, mode and owner
```

# Hacking jar

Good starting point: [OWASP](https://github.com/OWASP/owasp-mastg/blob/master/Document/0x08a-Testing-Tools.md#objection)

## Install frida server

```sh
curl -L -o /tmp/frida-server.xz https://github.com/frida/frida/releases/download/16.1.3/frida-server-16.1.3-android-x86.xz
unxz /tmp/frida-server.xz   # leaves /tmp/frida-server
adb root && sleep 2
adb push /tmp/frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"
```

## Patch and install an apk

```sh
python -m venv venv1 # creates the virtual environment
. ./venv1/bin/activate # changes into the virtual environment
pip install objection
objection patchapk --source SPAR_1.0.1_Apkpure.apk # patches the apk so that it is injectable
adb root && sleep 2
adb install SPAR_1.0.1_Apkpure.objection.apk
```

## Connect to the patched apk

```sh
# while in the virtual environment
frida-ps -Ua # lists the running apps objection can attach to
objection -d -g at.spar.app explore # starts the app with objection attached
```

## Useful commands when in objection shell

```sh
android sslpinning disable # try to disable certificate pinning
android hooking ... # various commands for class/method listing, call hooking, etc
import # executes a frida injection javascript
import Fin/Spar/frida/hook_login.js
import Fin/Spar/frida/hook_apicalls.js
...
```
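
The certificate install at the top of these notes ends with an `ls -lah` that has to be read by eye. The following added example (not part of the original notes) checks one such line for the usual failure modes: file still outside `/system/etc/security/cacerts`, wrong name form, wrong mode or owner, or a failed `mv` because `/system` was not writable. The function name `check_cacert_line` is hypothetical, the sample lines are constructed, and the long-listing format (perms, links, owner, group, size, date, time, path) is an assumption.

```shell
#!/bin/sh
# Added example: validate one line of `ls -l` output for a system CA file.
# check_cacert_line LINE -> prints a verdict; returns 0 only for "ok".
check_cacert_line() {
    line=$1
    # ls printed an error, e.g. the mv failed because /system was read-only.
    case $line in
        *"No such file"*) echo "missing"; return 1 ;;
    esac
    # Assumed field order: perms links owner group size date time path
    read -r perms _links owner group _rest <<EOF
$line
EOF
    file=${line##* }      # last field is the path
    name=${file##*/}      # basename
    case $file in
        /system/etc/security/cacerts/*) ;;
        *) echo "wrong-dir"; return 1 ;;
    esac
    # System CA files are named <8 hex digits>.<digit>, as with 9a5ba575.0.
    case $name in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]) ;;
        *) echo "bad-name"; return 1 ;;
    esac
    # Mode 644: world-readable, writable by the owner only.
    case $perms in
        -rw-r--r--*) ;;
        *) echo "bad-mode"; return 1 ;;
    esac
    [ "$owner" = root ] && [ "$group" = root ] || { echo "bad-owner"; return 1; }
    echo "ok"
}

# Constructed sample lines (not captured from a real device).
for sample in \
    "-rw-r--r-- 1 root root 1.3K 2023-09-20 10:00 /system/etc/security/cacerts/9a5ba575.0" \
    "-rw-rw---- 1 root sdcard_rw 1.3K 2023-09-20 10:00 /system/etc/security/cacerts/9a5ba575.0" \
    "ls: /system/etc/security/cacerts/9a5ba575.0: No such file or directory"
do
    verdict=$(check_cacert_line "$sample" || true)
    printf '%-8s %s\n' "$verdict" "$sample"
done
```

Against a running emulator, the line to check is the output of the last `adb shell "ls -lah ..."` command in the first section.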