It can be fun to reverse engineer Android applications. I think it's better to do this on your workstation instead of your phone: it is far more flexible, and you don't ruin your phone when you break things 😉
In my case I use Debian 11, but of course you can do this on any OS.
Requirements
- An app you want to debug
- OWASP ZAP Proxy
- Genymotion
- Node.js (for npm/npx)
- APK Export (Android app, to get the APK off a phone that has the app installed)
OWASP ZAP Proxy
I use the snap package for ZAP because it's easy to install and you always have the latest version.
$ sudo snap install zaproxy --classic
Start ZAP and export the root CA it uses to sign its dynamic certificates (Tools > Options > Dynamic SSL Certificates; in newer ZAP releases this moved to Network > Server Certificates).
- Click on the save button and place the file somewhere on your disk.
You can check that ZAP is listening with (netstat comes from the net-tools package, which Debian 11 does not install by default; ss from iproute2 shows the same thing):
$ netstat -tulpen | grep 8080
tcp6 0 0 127.0.0.1:8080 :::* LISTEN 1000 89190 14016/java
Note that ZAP only listens on the loopback interface. That is fine: the virtual device will reach it through 10.0.3.2, which Genymotion maps to the host's 127.0.0.1.
Genymotion
Now that the proxy is in place, it's time to install Genymotion for the Android emulation. First install VirtualBox.
Install the VirtualBox APT signing key. apt-key is deprecated on Debian 11 and makes the key trusted for every repository, so put it in its own keyring and bind it to the VirtualBox repository with signed-by instead:
$ wget -qO- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --dearmor --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg
Edit /etc/apt/sources.list (or create a file under /etc/apt/sources.list.d/) and add this line:
deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian bullseye contrib
Update the repo and install virtualbox
$ sudo apt-get update
$ sudo apt-get install virtualbox-6.1
- Now go to the Genymotion website and download the latest .bin installer
- Make the file executable and run the installer (the version in the file name will differ)
$ chmod +x genymotion-3.2.1-linux_x64.bin
$ ./genymotion-3.2.1-linux_x64.bin
- Follow the wizard, create a Genymotion account and create a new virtual device. In my example I used a Google Pixel 3 with Android 10.
Now it’s time to configure the proxy within the android device!
Configure proxy in Android
Start the virtual device you created and copy the certificate file you exported earlier onto it with a simple drag and drop; the file ends up in the device's Download folder.
- Go to Settings, search for "certificate" and install the file as a CA certificate. Android puts it in the user certificate store.
- Now configure the proxy in the Wi-Fi settings: edit the Wi-Fi connection and go to the advanced options.
- Set the proxy to Manual.
- The IP is always 10.0.3.2. This is the address Genymotion maps to the host's loopback interface (127.0.0.1), which is where ZAP listens by default.
- Port 8080.
- Save and reconnect the Wi-Fi.
When you (re)connect, Android may warn you that the network may be monitored (because you installed a CA certificate) or that it has limited connectivity. Dismiss the warning and stay connected; this is expected.
Now you will see traffic in ZAP, but only from apps that both honour the system proxy setting and accept ZAP's certificate. The second part is the usual blocker: since Android 7, apps that target API level 24 or higher do not trust CAs in the user store unless their network security config explicitly allows it, and some apps additionally pin their server certificate. Their HTTPS connections fail with a TLS error instead of showing up in ZAP. Patching the APK so that it trusts the user-installed CA (and drops common pinning) is what apk-mitm does; it does not make an app use the proxy if the app ignores the system proxy altogether. So this is what you can do for such an app:
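The certificate and proxy steps above can also be driven from the host with adb, which makes it easy to switch the proxy on and off between runs. This is an added example, not part of the original post; it assumes adb is installed on the workstation, the Genymotion device is the only device adb sees, and the ZAP root CA was saved as owasp_zap_root_ca.cer in the current directory. Setting the global http_proxy does the same job as the manual proxy in the Wi-Fi settings; the CA still has to be installed by hand in Settings, because adb cannot add a user certificate.

```sh
#!/bin/sh
# Added example (not from the original post): point a Genymotion device at
# ZAP from the host with adb. Assumes adb is on PATH, exactly one device is
# attached and the ZAP CA was exported to ./owasp_zap_root_ca.cer.

ZAP_HOST=10.0.3.2     # Genymotion's alias for the host loopback (127.0.0.1)
ZAP_PORT=8080
CERT=${CERT:-owasp_zap_root_ca.cer}

# Build the host:port string Android expects in the global http_proxy
# setting, refusing anything that is not a valid TCP port.
proxy_spec() {
    host=$1; port=$2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }
    printf '%s:%s\n' "$host" "$port"
}

# Route every app that honours the system proxy through ZAP.
set_proxy() {
    spec=$(proxy_spec "$ZAP_HOST" "$ZAP_PORT") || return 1
    adb shell settings put global http_proxy "$spec"
}

# Android clears the global proxy with the special value ":0".
clear_proxy() {
    adb shell settings put global http_proxy :0
}

# Show what the device currently has configured.
show_proxy() {
    adb shell settings get global http_proxy
}

# Copy the ZAP CA to the device. It still has to be installed by hand:
# Settings > Security > Encryption & credentials > Install a certificate.
push_cert() {
    [ -f "$CERT" ] || { echo "certificate $CERT not found" >&2; return 1; }
    adb push "$CERT" /sdcard/Download/
}

case ${1:-} in
    on)   push_cert && set_proxy && show_proxy ;;
    off)  clear_proxy && show_proxy ;;
    show) show_proxy ;;
    *)    echo "usage: $0 on|off|show" >&2 ;;
esac
```

Run it as `./zapproxy.sh on` before a session and `./zapproxy.sh off` afterwards; leaving the proxy set while ZAP is down makes the device look offline.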
Rebuild the APK with APK-MITM
Now everything is in place, so the last thing to do is rebuild the APK so that the app accepts ZAP's certificate and all of its traffic can be proxied:
- First export the APK with the APK Export app from a phone that has the app installed
- Place the APK somewhere on your disk
- Install Node.js (version 14 or newer; npm and npx come with it). The nodesource script runs as root, so read it before piping it into a shell. Do not install Debian's separate npm package next to it, that conflicts with the npm bundled in the nodesource nodejs package.
$ curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
$ sudo apt-get install -y nodejs
- Install Java; apk-mitm runs apktool and the APK signer, which are Java programs (the JRE is enough, the JDK does no harm)
$ sudo apt install openjdk-17-jre
- And rebuild the APK
$ npx apk-mitm SomeAppName.apk
And here we go!
Everything is in place now. apk-mitm writes a SomeAppName-patched.apk next to the original. If the unpatched app is still installed on the virtual device, uninstall it first: apk-mitm re-signs the APK with its own key, and Android refuses to install an app over an existing one with a different signature. Then drag & drop the *-patched.apk file onto the Genymotion window, install it, and you are fully in control 🙂
Happy hacking!