Android AppSec

@UC5bY16WSEa_ttTPqj8aTeIw - 2.8K subscribers

We (@hpAndro and @_RaviRamesh) spend a lot of time attacking android app hacking, breaking encryption, finding business logic flaws, penetration testing, and looking for sensitive data stored insecurely. We do it for the right reasons - to help developers make their apps more secure. The best way to verify that your app follows secure mobile development best practices is to perform security assessments of the app, which can include automated mobile app security testing, fuzzing, manual penetration testing, and more. This application represents some of the knowledge we share with the infosec community. We are trying to build vulnerable applications based on OWASP Mobile Security Testing Guide. 🚩 CTF Link : ctf.hpandro.raviramesh.info 🟦 Facebook Page: www.facebook.com/hpAndro1337 🔷Twitter handle : twitter.com/hpandro1337

Home Videos Live Playlists

Runtime Debugging Native Android Shared library (.so) file using IDA Pro

Runtime Debugging Native Android Shared library (.so) file using IDA Pro Android AppSec

22.1K views - 3 years ago

Android Studio Emulator (AVD) Rooting with Magisk using rootAVD

Android Studio Emulator (AVD) Rooting with Magisk using rootAVD Android AppSec

57.6K views - 4 years ago

SSAID or ANDROID_ID validation Bypass using Dalvik bytecode Patch - hpAndro Vulnerable Application

SSAID or ANDROID_ID validation Bypass using Dalvik bytecode Patch - hpAndro Vulnerable Application Android AppSec

2.4K views - 4 years ago

GPS Location Spoofing - hpAndro Vulnerable Application Challenge

GPS Location Spoofing - hpAndro Vulnerable Application Challenge Android AppSec

642 views - 4 years ago

Hardcoded Secret in Native Library (.so files) - hpAndro Vulnerable Application Challenge

Hardcoded Secret in Native Library (.so files) - hpAndro Vulnerable Application Challenge Android AppSec

1.4K views - 4 years ago

RPATH - run-time search path hard-coded in native library - hpAndro Vulnerable Application Challenge

RPATH - run-time search path hard-coded in native library - hpAndro Vulnerable Application Challenge Android AppSec

631 views - 4 years ago

Checking Memory for Sensitive Data (Memory Flag) - hpAndro Vulnerable Application Challenge

Checking Memory for Sensitive Data (Memory Flag) - hpAndro Vulnerable Application Challenge Android AppSec

1.1K views - 4 years ago

XML External Entity [XXE] - hpAndro Vulnerable Application Challenge

XML External Entity [XXE] - hpAndro Vulnerable Application Challenge Android AppSec

687 views - 4 years ago

XPath Injection - hpAndro Vulnerable Application Challenge

XPath Injection - hpAndro Vulnerable Application Challenge Android AppSec

970 views - 4 years ago

User Password Enumeration - hpAndro Vulnerable Application Challenge

User Password Enumeration - hpAndro Vulnerable Application Challenge Android AppSec

402 views - 4 years ago

Server Side Request Forgery [SSRF] - hpAndro Vulnerable Application Challenge

Server Side Request Forgery [SSRF] - hpAndro Vulnerable Application Challenge Android AppSec

503 views - 4 years ago

Server Fingerprinting - hpAndro Vulnerable Application Challenge

Server Fingerprinting - hpAndro Vulnerable Application Challenge Android AppSec

260 views - 4 years ago

Remote File Inclusion [RFI] - hpAndro Vulnerable Application Challenge

Remote File Inclusion [RFI] - hpAndro Vulnerable Application Challenge Android AppSec

520 views - 4 years ago

REST API HTTP Methods - hpAndro Vulnerable Application Challenge

REST API HTTP Methods - hpAndro Vulnerable Application Challenge Android AppSec

249 views - 4 years ago

Unrestricted File Upload - hpAndro Vulnerable Application Challenge

Unrestricted File Upload - hpAndro Vulnerable Application Challenge Android AppSec

436 views - 4 years ago

Server Side Template Injection [SSTI] - hpAndro Vulnerable Application Challenge

Server Side Template Injection [SSTI] - hpAndro Vulnerable Application Challenge Android AppSec

369 views - 4 years ago

S3 Bucket Misconfiguration - hpAndro Vulnerable Application Challenge

S3 Bucket Misconfiguration - hpAndro Vulnerable Application Challenge Android AppSec

294 views - 4 years ago

RIA Cross Domain Policy - hpAndro Vulnerable Application Challenge

RIA Cross Domain Policy - hpAndro Vulnerable Application Challenge Android AppSec

1.1K views - 4 years ago

Review Comment and Meta Data - hpAndro Vulnerable Application Challenge

Review Comment and Meta Data - hpAndro Vulnerable Application Challenge Android AppSec

126 views - 4 years ago

OTP Bruteforce - hpAndro Vulnerable Application Challenge

OTP Bruteforce - hpAndro Vulnerable Application Challenge Android AppSec

6K views - 4 years ago

Old Backup Files - hpAndro Vulnerable Application Challenge

Old Backup Files - hpAndro Vulnerable Application Challenge Android AppSec

349 views - 4 years ago

Login Bypass Cookie Manipulation - hpAndro Vulnerable Application Challenge

Login Bypass Cookie Manipulation - hpAndro Vulnerable Application Challenge Android AppSec

916 views - 4 years ago

JWT Misconfiguration - hpAndro Vulnerable Application Challenge

JWT Misconfiguration - hpAndro Vulnerable Application Challenge Android AppSec

317 views - 4 years ago

JSON to XXE Blind - hpAndro Vulnerable Application Challenge

JSON to XXE Blind - hpAndro Vulnerable Application Challenge Android AppSec

627 views - 4 years ago

JavaScript Info Leak - hpAndro Vulnerable Application Challenge

JavaScript Info Leak - hpAndro Vulnerable Application Challenge Android AppSec

251 views - 4 years ago

Insecure Direct Object References [IDOR] - hpAndro Vulnerable Application Challenge

Insecure Direct Object References [IDOR] - hpAndro Vulnerable Application Challenge Android AppSec

359 views - 4 years ago

Encoding & Hashing - hpAndro Vulnerable Application Challenge

Encoding & Hashing - hpAndro Vulnerable Application Challenge Android AppSec

298 views - 4 years ago

Default Credential - hpAndro Vulnerable Application Challenge

Default Credential - hpAndro Vulnerable Application Challenge Android AppSec

211 views - 4 years ago

Client Side Validation Bypass - hpAndro Vulnerable Application Challenge

Client Side Validation Bypass - hpAndro Vulnerable Application Challenge Android AppSec

360 views - 4 years ago

Ninjutsu Android Penetration Testing Environment - MEmu based emulator

Ninjutsu Android Penetration Testing Environment - MEmu based emulator Android AppSec

2.5K views - 4 years ago

2FA Bypass Android AppSec

2K views - 4 years ago

HTML5 Controls (Local Storage) - hpAndro Vulnerable Application Challenge

HTML5 Controls (Local Storage) - hpAndro Vulnerable Application Challenge Android AppSec

1.3K views - 4 years ago

House - Dynamic Mobile Analysis Tool

House - Dynamic Mobile Analysis Tool Android AppSec

920 views - 4 years ago

#Medusa - Extensible binary instrumentation framework based on #FRIDA for Android applications

#Medusa - Extensible binary instrumentation framework based on #FRIDA for Android applications Android AppSec

2.4K views - 4 years ago

SSH/SFTP Server Terminal - Powerful SSH server for Android

SSH/SFTP Server Terminal - Powerful SSH server for Android Android AppSec

5.2K views - 4 years ago

Identifying and Breaking RSA Encryption Logic using Profile or Debug APK (Android Studio) - RSA flag Android AppSec

1.4K views - 4 years ago

FЯIDA - Dynamic Instrumentation Toolkit - Setting up your Android device

FЯIDA - Dynamic Instrumentation Toolkit - Setting up your Android device Android AppSec

1.3K views - 4 years ago

Inspeckage - Android Package Inspector

Inspeckage - Android Package Inspector Android AppSec

2.5K views - 4 years ago

Xposed Framework installation in Genymotion

Xposed Framework installation in Genymotion Android AppSec

3.7K views - 4 years ago

Identifying and Breaking Encryption Logic using smali debugging - AES flag

Identifying and Breaking Encryption Logic using smali debugging - AES flag Android AppSec

2.7K views - 4 years ago

smali debugging using Android Studio

smali debugging using Android Studio Android AppSec

8.2K views - 4 years ago

Decompile - Modify - Recompile - Sign (APK)

Decompile - Modify - Recompile - Sign (APK) Android AppSec

30.4K views - 4 years ago

smali mapping with Java code using jadx-gui and apktool

smali mapping with Java code using jadx-gui and apktool Android AppSec

10.8K views - 4 years ago

BurpSuite - Intercept HTTPS request

BurpSuite - Intercept HTTPS request Android AppSec

9.2K views - 4 years ago

BurpSuite - Intercept HTTP request

BurpSuite - Intercept HTTP request Android AppSec

1.6K views - 4 years ago

jadx-gui - Dex to Java decompiler

jadx-gui - Dex to Java decompiler Android AppSec

17.7K views - 4 years ago

Reverse Engineering Android APK file using apktool

Reverse Engineering Android APK file using apktool Android AppSec

3.8K views - 4 years ago

Install JRE (for apktool) and ADB (sdk-platform-tools)

Install JRE (for apktool) and ADB (sdk-platform-tools) Android AppSec

533 views - 4 years ago

Verifying genymotion plugin with Android Studio

Verifying genymotion plugin with Android Studio Android AppSec

757 views - 4 years ago

Install Genymotion and Play Store

Install Genymotion and Play Store Android AppSec

2.1K views - 4 years ago

Install genymotion plugin in Android Studio

Install genymotion plugin in Android Studio Android AppSec

1.4K views - 4 years ago

Install smalidea plugin in Android Studio

Install smalidea plugin in Android Studio Android AppSec

1.7K views - 4 years ago

Install Android Studio

Install Android Studio Android AppSec

627 views - 4 years ago

2FA Bypass - Status Code Manipulation

2FA Bypass - Status Code Manipulation Android AppSec

2.1K views - 4 years ago

Configuring an Android Device to Work With Burp - Install Burp Certificate : HTTPS interception

Configuring an Android Device to Work With Burp - Install Burp Certificate : HTTPS interception Android AppSec

11.9K views - 4 years ago

Configuring an Android Device to Work With Burp - Intercept HTTP Traffic

Configuring an Android Device to Work With Burp - Intercept HTTP Traffic Android AppSec

1.5K views - 4 years ago

How to Install and Use MobSF(Mobile Security Framework) on Windows 10 via Docker in 5 Min ?

How to Install and Use MobSF(Mobile Security Framework) on Windows 10 via Docker in 5 Min ? Android AppSec

16.3K views - 4 years ago

How to Install and Use MobSF(Mobile Security Framework) on Ubuntu via Docker in 5 Min ?

How to Install and Use MobSF(Mobile Security Framework) on Ubuntu via Docker in 5 Min ? Android AppSec

4.3K views - 4 years ago

Check application logs and find a flags.

Check application logs and find a flags. Android AppSec

512 views - 4 years ago

Sensitive information stored in Internal Storage - Android CTF

Sensitive information stored in Internal Storage - Android CTF Android AppSec

393 views - 4 years ago