Steal User Information from Android App – GoatDroid Example


Many of you may be searching for security testing and hacking tutorials for Android apps. Android is a very popular OS nowadays, so every customer wants an Android app of their own. It has become unavoidable for a software tester to learn how to find security flaws.

So, here is the simplest attack for stealing user credentials and app settings.

I will use the GoatDroid app to demonstrate the attack. Download Link:


1. Install the Android SDK. Download Link:

2. Add the Platform Tools directory to the PATH environment variable, e.g. C:\Program Files (x86)\Android\android-sdk\platform-tools

3. Create an Android AVD and start the emulator. Tutorial Link: OR connect a device to your computer. Make sure USB Debugging is turned on under Developer Options in Settings.
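
A preflight check for the three setup steps above, as an added example that is not part of the original tutorial: it parses the output of `adb devices` and reports whether each attached emulator or device is usable. The sample output, the serial numbers and the function names are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample of `adb devices` output (not captured from a real session).
SAMPLE_OUTPUT = (
    "* daemon started successfully\n"
    "List of devices attached\n"
    "emulator-5554\tdevice\n"
    "0123456789ABCDEF\tunauthorized\n"
    "192.168.56.101:5555\toffline\n"
)

# What each adb connection state means for the setup steps.
ADVICE = {
    "device": "ready",
    "unauthorized": "accept the USB debugging prompt on the device",
    "offline": "reconnect the device or restart the emulator",
}


def parse_adb_devices(output):
    """Return {serial: state} parsed from the text printed by `adb devices`."""
    devices, in_list = {}, False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("List of devices attached"):
            in_list = True
        elif in_list and line and not line.startswith("*"):
            parts = line.split()
            if len(parts) >= 2:
                devices[parts[0]] = parts[1]
    return devices


def preflight(output=None):
    """Return one finding per problem or device; runs adb when no text is given."""
    if output is None:
        if shutil.which("adb") is None:
            return ["adb not found: add platform-tools to PATH (step 2)"]
        output = subprocess.run(["adb", "devices"], capture_output=True, text=True).stdout
    devices = parse_adb_devices(output)
    if not devices:
        return ["no device listed: start the emulator or enable USB debugging (step 3)"]
    return [f"{serial}: {ADVICE.get(state, 'unexpected state ' + state)}"
            for serial, state in sorted(devices.items())]


if __name__ == "__main__":
    print("\n".join(preflight()))
```

Run without arguments, it calls the real `adb`; a device that shows as `unauthorized` has USB debugging on but the host's debugging key has not yet been accepted on the device.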

GoatDroid Installation Steps:

1. Unzip GoatDroid and launch goatdroid-0.9.jar. GoatDroid Tutorial Link:

2. Select FourGoats under Apps and click Start Web Service in the right pane.

3. Go to “OWASP-GoatDroid-0.9\OWASP-GoatDroid-0.9\goatdroid_apps\FourGoats\android_app”…

