Steal User Information from Android App – GoatDroid Example


test2break

Many of you may be searching for security testing/hacking tutorials for Android apps. Android is a very popular OS nowadays, so every customer wants to have their own Android app. It has become inevitable that a software tester learns to find security flaws.

So, here is the simplest attack to steal User Credentials and App Settings.

I will use the GoatDroid app to demonstrate the attack. Download Link: https://github.com/downloads/jackMannino/OWASP-GoatDroid-Project/OWASP-GoatDroid-0.9.zip

Prerequisites:

1. Install the Android SDK. Download Link: http://developer.android.com/sdk/index.html

2. Add the platform-tools directory to the PATH environment variable, e.g. C:\Program Files (x86)\Android\android-sdk\platform-tools

3. Create an Android AVD and start the emulator (Tutorial Link: http://developer.android.com/tools/devices/managing-avds.html), OR connect a device to your computer. Make sure USB Debugging is turned on under Developer Options in Settings.

GoatDroid Installation Steps:

1. Unzip GoatDroid and launch goatdroid-0.9.jar. GoatDroid Tutorial Link: https://github.com/jackMannino/OWASP-GoatDroid-Project/wiki/Getting-Started

2. Select FourGoats under Apps and click Start Web Service in the right pane.

3. Go to “OWASP-GoatDroid-0.9\OWASP-GoatDroid-0.9\goatdroid_apps\FourGoats\android_app”…
