An app with a really bad networking issue.
The code is based on https://github.com/cpholguera/MASTestApp-Android
-
Open Android Studio and Device Manager
-
Clik Add a new device and create virtual device
-
Make sure "Show obsolete device profiles" are checked
-
Find: Nexus 6P API 23
-
Select and click Next
-
Under API select: API 23 "Marshmallow"; Android 6.0
-
Select system image: x86 (not x86_64)
-
Click finish
-
install adb https://developer.android.com/tools/adb
-
Start the device in device manager
-
Open a console and navigate to the base of this repository
-
Download the apks release
-
Install the apks like this:
java -jar .github/lib/bundletool.jar install-apks --apks={path to the downloaded apks}/MASTestApp-Android-NETWORK.apks
adb install {path to the downloaded apks}/MASTestApp-Android-NETWORK.apk
-
If you want to pentest the app, you can install frida and following this guide: https://medium.com/@SecureWithMohit/getting-started-with-frida-setting-up-on-an-emulator-47980170d2b2
The CA is created from this guide: https://gist.github.com/soarez/9688998 All certificate use the passphrase: test
see CA.md
Choose Nexus 6P API 23
Debug is on by default
Install semgrep docker
docker pull semgrep/semgrep
Run: # MainActivity.kt docker run --rm -v "${PWD}:/src" semgrep/semgrep semgrep -c rules app/src/main # Networking rules docker run --rm -v "${PWD}:/src" semgrep/semgrep semgrep -c rules/mstg-network-trusted-anchors.yml app/src/main/res/xml/network_security_config.xml # App is debuggable docker run --rm -v "${PWD}:/src" semgrep/semgrep semgrep -c rules/mstg-network-debuggable.yml app/src/main/AndroidManifest.xml