Xposed framework Plugins for Android Pentesting helps in various android pentesting related tasks. If we observe closely in android it includes several steps from switching on a device to successfully run the app like
Remember: Xposed is initiated between the init and Zygote.
Nothing can be easier than installing an apk on the device
so just download the compatible version of Xposed apk from the website here on your mobile device.
Note: it works on the rooted device only and Always remember to install the apk according to your device compatibility as I am using Android version 6.0.1 marshmallow to avoid troubleshooting time. Marshmallow compatible version Downloaded from here
How to download apk and install on the device :
Step 1: Connect your android device to the host system and run CLI at the download apk directory
Step 2: adb install Xposed.apk
Step 1: Once Xposed is installed. open Xposed app on the device and select the Framework
Step 2: it will show a popup, click on ok.
Step 3: it will take you to another screen with a message.you can click on install/update and Make sure to give root access to process when it asks and it’s ready to use.
to analyze the network traffic of an Android application is very much important from a penetration tester point of view to find vulnerable endpoints and functionality.
Xposed framework “JustTrustMe” module: To bypass the spinning Xposed framework “JustTrustMe” module is used.it helps in disabling the SSL certificate checking.
Step 1: Download JustTrustMe apk here
Step 2: Goto downloaded the folder of apk and open CLI.
Run “adb install JustTrustMe.apk” and accept the allow option in Mobile at the same time.
Step 3: Open Xposed, go to modules and checkmark “JustTrustMe”
Step 4: Reboot your device.
Now you will be able to capture the application traffic using the proxy.
some of the android application does not allow to install and use applications on a rooted device.so to do pentest on that application on rooted devices root detection bypass is required to have root privilege.
Step 1: Make sure you have Xposed
Step 2: Install RootCloak as you can see in the screenshot
Step 3: Enable RootClock in Xposed app
Step 4: reboot your mobile
Step 5: goto RootCloak App, and add/remove Apps. (so here it will hide the root from apps) Click on “+” on the right upper corner and add the package name of that app
For example: here I am using app ecardandkeys and its package name is com.ecardsandkeys so I added it.
Step 6: make sure to exit RootCloak app and if the app that you just added is already running close it or you can reboot your phone.
Step 7: run the app to check the root detection bypass successfully.
Inspackage : it is used for dynamic analysis of Android applications.it helps in understanding what an app is doing at runtime. Inspeckage is an Android package Inspector and it hooks some of the Android API so that we can better understand runtime working of an Application.
It allows you to interact with some of the elements of the app, like activities and providers, etc.
2.download Inspackage from here
How does it work?
Inspeckage has an internal HTTP server that provides an interactive web interface.
The below image shows the available features of Inspeckage.
You can access the Inspeckage dashboard on http://192.168.0.101:8008 and It shows available options to analyze the app from the host system.
it allows you to download apk on the host system from the dashboard.
Tree view of the data directories
App File system
You can run the specific activities of the app