m3t3kh4n/Android-Pentest-CheatSheet

Android Application Penetration Testing Cheatsheet / Checklist

Checklist

SSL Pinning

  • Missing SSL Pinning
  • Bypassing SSL Pinning (Frida)
  • Code Manipulation (changing flags or other parts of the code to introduce an internal logic flaw)

Root Detection

  • Missing Root Detection
  • Bypassing Root Detection (Frida)
  • Code Manipulation (changing flags or other parts of the code to introduce an internal logic flaw)

Emulator Detection

  • Missing Emulator Detection
  • Bypassing Emulator Detection (Frida)
  • Code Manipulation (changing flags or other parts of the code to introduce an internal logic flaw)

Insertion of Sensitive Information into Log File

  • Check adb logcat logs for sensitive information/data
  • Bypass logging requests (Frida)
  • Unencrypted/plaintext request/data in logs

Insecure Storage of Sensitive Information

  • Sensitive information in Shared Preferences
  • Sensitive information in temporary files
  • Sensitive information in LocalStorage database
  • Sensitive information in other places
