Many of you may be searching for security testing/hacking tutorials for Android apps. Android is a very popular OS nowadays, so every customer wants to have their own Android app. It has become unavoidable for a software tester to learn how to find security flaws.
So, here is the simplest attack to steal user credentials and app settings.
I will use the GoatDroid app to demonstrate the attack. Download Link: https://github.com/downloads/jackMannino/OWASP-GoatDroid-Project/OWASP-GoatDroid-0.9.zip
1. Install the Android SDK. Download Link: http://developer.android.com/sdk/index.html
2. Add Platform Tools to the PATH environment variable, e.g. C:\Program Files (x86)\Android\android-sdk\platform-tools
3. Create an Android AVD and start the emulator. Tutorial Link: http://developer.android.com/tools/devices/managing-avds.html Or connect a device to your computer; make sure USB Debugging is turned on under Developer Options in Settings.
GoatDroid Installation Steps:
1. Unzip GoatDroid and launch goatdroid-0.9.jar. GoatDroid Tutorial Link: https://github.com/jackMannino/OWASP-GoatDroid-Project/wiki/Getting-Started
2. Select FourGoats under Apps and click Start Web Service in the right pane.
3. Go to “OWASP-GoatDroid-0.9\OWASP-GoatDroid-0.9\goatdroid_apps\FourGoats\android_app”…