Inspeckage: dynamic analysis with api hooks, start unexported activities – Penetration Testing

Inspeckage – Android Package Inspector

Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime.


Features

With Inspeckage, we can get a good amount of information about the application’s behavior:

Information gathering

Requested Permissions;

App Permissions;

Shared Libraries;

Exported and Non-exported Activities, Content Providers, Broadcast Receivers and Services;

Check if the app is debuggable or not;

Version, UID and GIDs;

etc.

Hooks (so far)

With the hooks, we can see what the application is doing in real time:

Shared Preferences (log and file);

Serialization;

Crypto;

Hashes;

SQLite;

HTTP (an HTTP proxy tool is still the best alternative);

File System;

Miscellaneous (Clipboard, URL.Parse());

WebView;

IPC;

Hooks (add new hooks dynamically)

Actions

With Xposed it’s possible to perform actions such as starting an unexported activity and much more:

Start any activity (exported and unexported);

Call any provider (exported and unexported);

Disable FLAG_SECURE;

SSL uncheck (bypass certificate pinning – JSSE, Apache and okhttp3);

Start, stop and restart the application;

Replace params and return value (+Hooks tab).

Fingerprint

Device fingerprint – advertising id, MAC address, IMEI, release, brand, build mode…

Location

Change GPS location (without using the “Mock location” functionality)

Extras

APK Download;

View the app’s directory tree;

Download the app’s files;

Download the output generated by hooks in text file format;

Take a screen capture;

Send text to the Android clipboard.

Tips – some howto/guide

Configuration

Even though our tool has some hooks to the HTTP libraries, using an external proxy tool is still the best option to analyze the app’s traffic. With Inspeckage, you can:

Add a proxy to the target app;

Enable and disable proxy;

Add entries in the ARP table.

Logcat

Logcat.html page. An experimental page that uses a WebSocket to show some information from logcat.

Installation

Requirements: Xposed Framework

Xposed Installer

Go to Xposed Installer, select “Download”

Refresh and search for “Inspeckage”

Download the latest version and install

Enable it in Xposed

Reboot and enjoy!

Xposed Repository

Get it from Xposed repo: http://ift.tt/1SaZV8X

adb install mobi.acpm.inspeckage.apk

Enable it in Xposed

Reboot and enjoy!

From Source

Feel free to download the source!

How to uninstall

adb uninstall mobi.acpm.inspeckage

And reboot!

Source: http://ift.tt/1XTRPlu

The post Inspeckage: dynamic analysis with api hooks, start unexported activities appeared first on Penetration Testing.
