Android Pentest Lab on an Apple Chip M1
Introduction
This blog aims to provide a simple method for setting up an Android pentest lab on an M1 or M2 Mac. Although various write-ups use different emulators, this guide focuses solely on a lab built with the Android development kit.
A rooted environment is necessary to conduct security research in the Android lab. Using a non-Google Play store image when setting up the emulator is recommended, as Google does not support running production builds in a rooted environment. However, there may be exceptions.
Creating an Android Virtual device




Running and Managing AVDs
Path of the Android Emulator Binary
List the available AVDs
Just Run the Android Emulator

Run with Proxy

Run with ADB logs

Configuring with a proxy.
To begin, open the Burp Suite Proxy tool.
Please enable the listener on the correct IP address and port. Also, ensure that the proxy IP specified in the emulator command matches the IP and port enabled in Burp Suite.

On the mobile client, browse to the proxy's IP and port, or to http://burp, and download the certificate.

Install the certificate on the device.




Updated
Here's an interesting fact: Some people may have read my blog, but I forgot to mention an important point. Simply building a lab won't suffice.
We are all set for the lab, but here are the steps to redirect the requests to the proxy by setting up an adb reverse proxy.
Set Reverse Proxy

Disable Proxy
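As an added example (not the author's own commands), the two steps above can be wrapped in shell functions: `adb reverse` forwards a port on the emulator's loopback interface to the same port on the host, and the global `http_proxy` setting points the device at it. The function names and the default port 8080 are assumptions; use the port your Burp listener is bound to.

```shell
#!/usr/bin/env bash
# Added example: route emulator traffic to a proxy on the host via adb reverse.
# PROXY_PORT defaults to 8080, an assumed value; match it to your Burp listener.
PROXY_PORT="${PROXY_PORT:-8080}"

# Accept only a decimal TCP port in the range 1-65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the proxy the device is currently configured to use.
proxy_status() {
  adb shell settings get global http_proxy
}

# Set the reverse proxy: device 127.0.0.1:<port> -> host 127.0.0.1:<port>.
proxy_on() {
  port="${1:-$PROXY_PORT}"
  valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
  adb reverse "tcp:$port" "tcp:$port" || return 1
  adb shell settings put global http_proxy "127.0.0.1:$port" || return 1
  proxy_status   # confirm what the device actually stored
}

# Disable the proxy and remove the port mapping so the emulator
# goes back to direct connections.
proxy_off() {
  port="${1:-$PROXY_PORT}"
  valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }
  adb shell settings put global http_proxy :0 || return 1
  adb reverse --remove "tcp:$port"
}

# Usage, after sourcing this file with the emulator running:
#   proxy_on 8080    # start intercepting
#   proxy_off 8080   # restore direct connectivity
```

If the proxy setting is left in place after Burp is closed, every request from the emulator fails, so run `proxy_off` at the end of a session.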
Please let me know if there are any questions or corrections since I wrote this blog quickly.