Fin/Spar/frida/README.md
2023-09-01 20:07:06 +02:00


# Start emulator and install burp cert
See the original guide [here](https://medium.com/mii-cybersec/how-to-connect-burp-suite-to-an-android-emulator-9da19b0ad2c3).
```sh
emulator -netdelay none -netspeed full -avd Pixel_2_XL_API_27_2 -qt-hide-window -grpc-use-token -idle-grpc-timeout 300 -http-proxy http://192.168.0.171:8081 -debug-proxy -writable-system
adb root
sleep 2
adb remount
adb push Downloads/sparapp/9a5ba575.0 /storage/emulated/0/
adb shell "mv /storage/emulated/0/9a5ba575.0 /system/etc/security/cacerts"
adb shell "chmod 644 /system/etc/security/cacerts/9a5ba575.0"
adb shell "chown root:root /system/etc/security/cacerts/9a5ba575.0"
adb shell "ls -lah /system/etc/security/cacerts/9a5ba575.0"
```
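
Android's system trust store expects each CA file to be named `<hash>.0`, where `<hash>` is the certificate's OpenSSL `subject_hash_old` value. The script below is an added example, not part of the original README: it derives that name for an exported CA certificate and checks the staged copy before it is pushed. The function names and the throwaway demo CA are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: stage a proxy CA certificate under the file name Android's
# system trust store expects (<subject_hash_old>.0). Function names are assumptions.

# Constructed sample input: a throwaway self-signed CA in DER encoding.
# $1: directory to write demo.key and demo.der into
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/demo.key" -outform DER -out "$1/demo.der" 2>/dev/null
}

# Print the legacy (MD5-based) subject hash used for cacerts file names.
# $1: certificate file, $2: its encoding (DER or PEM)
cacert_hash() {
    openssl x509 -inform "$2" -in "$1" -noout -subject_hash_old
}

# Write a PEM copy of the certificate as <hash>.0 and print its path.
# $1: certificate file, $2: encoding, $3: output directory
stage_cacert() {
    hash=$(cacert_hash "$1" "$2") || return 1
    [ -n "$hash" ] || return 1
    openssl x509 -inform "$2" -in "$1" -outform PEM -out "$3/$hash.0" || return 1
    printf '%s\n' "$3/$hash.0"
}

# Succeed only if the staged PEM file is the same certificate as the source,
# so a stale or mixed-up file is caught before it is pushed to /system.
same_cert() {
    a=$(openssl x509 -inform "$2" -in "$1" -noout -fingerprint -sha256) || return 1
    b=$(openssl x509 -inform PEM -in "$3" -noout -fingerprint -sha256) || return 1
    [ "$a" = "$b" ]
}

# Stand-alone use: sh stage_cacert.sh cacert.der [DER|PEM]
if [ "$#" -ge 1 ]; then
    staged=$(stage_cacert "$1" "${2:-DER}" .) &&
        same_cert "$1" "${2:-DER}" "$staged" &&
        echo "ready to push: $staged"
fi
```
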
# Hacking jar
A good starting point is the [OWASP](https://github.com/OWASP/owasp-mastg/blob/master/Document/0x08a-Testing-Tools.md#objection) guide.
## Install frida server
```sh
curl -L -o /tmp/frida-server.xz https://github.com/frida/frida/releases/download/16.1.3/frida-server-16.1.3-android-x86.xz
unxz /tmp/frida-server.xz
adb root && sleep 2
adb push /tmp/frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"
adb shell "/data/local/tmp/frida-server &"
```
## Patch and install an apk
```sh
python -m venv venv1 # creates the virtual environment in ./venv1
. ./venv1/bin/activate # activates the virtual environment
pip install objection
objection patchapk --source SPAR_1.0.1_Apkpure.apk # patches the apk so that it is injectable
adb root && sleep 2
adb install SPAR_1.0.1_Apkpure.objection.apk # installs the patched apk
```
## Connect to patched apk
```sh
# while in virtual environment
frida-ps -Ua # lists running apps that objection can attach to
objection -d -g at.spar.app explore # starts app with objection attached
```
## Useful commands when in objection shell
```sh
android sslpinning disable # try to disable certificate pinning
android hooking ... # various commands for class/method listing, call hooking, etc
import <scriptname on computer> # executes a frida injection javascript
import Fin/Spar/frida/hook_login.js
import Fin/Spar/frida/hook_apicalls.js
...
```