# Android
## Rootear dispositivo
* Recurso:
* Android > 7:
## Extraer apk del dispositivo
{% hint style="info" %}
El dispositivo debe tener el *modo desarrollador* activado, y estar conectado al pc.
{% endhint %}
Usar el Package Manager (pm) en la shell de [abd ](/securiters-wiki/_tools/apps-moviles/adb.md)para listar los paquetes:
```bash
adb shell pm list packages | sort
```
Para listar la ruta donde se encuentra el fichero .apk:
```bash
adb shell pm path com.appName
package:/data/app/com.appName/base.apk
```
Descargar el apk:
```bash
adb pull data/app/com.appName/base.apk
```
## Instalar apk en el dispositivo
* Con [ADB ](/securiters-wiki/_tools/apps-moviles/adb.md)Listar los dispositivos conectados
```bash
adb devices
```
Instalar la aplicación en el dispositivo
```bash
adb install C:\path\to\appName.apk
```
## Bypass SSLPinning
* Deshabilitar en una app con [Objection](/securiters-wiki/_tools/apps-moviles/objection.md)
```bash
com.appName on (Android) [usb] # apk sslpinning disable
```
* Deshabilitar en una app con [FRIDA](/securiters-wiki/_tools/analisisdinamicoios.md)
```bash
frida --codeshare sowdust/universal-android-ssl-pinning-bypass-2 -U -f com.appNa
```
{% hint style="info" %}
Herramienta:
[Android-CertKiller](https://github.com/51j0/Android-CertKiller) permite automatizar este proceso
```
python main.py -p 'root/Desktop/base.apk'
```
{% endhint %}
## Configurar Burp Suite en el dispositivo
Conectar el dispositivo a la misma red que el pc
* Opcion alternativa con dispositivo físico: Activar la "zona con cobertura" (mobile hotspot) en el pc.
* Teniendo en cuenta que el movil debe estar rooted
1. Wifi > redConectada > configurar proxy > manual > IP del pc + puerto de burp (8082)
2. Abrir el navegador y escribir > instalar Certificado
* En caso de Android > v7 -> [Añadir certificado en la system store](https://gist.github.com/pwlin/8a0d01e6428b7a96e2eb)
## Recursos y enlaces de referencia de Android
* [OWASP MSTG Official repo](https://github.com/OWASP/owasp-mstg)
* [Mobile Security Testing Guide by OWASP (Android & iOS](https://mobile-security.gitbook.io/mobile-security-testing-guide/))
* [Guía OWASP iOS y Android](https://mobile-security.gitbook.io/mobile-security-testing-guide/)
* [Android-Security-Reference](https://github.com/doridori/Android-Security-Reference)
* [Android Security Awesome](https://github.com/ashishb/android-security-awesome)
* [Introducción a ingeniería inversa de Android](https://www.ragingrock.com/AndroidAppRE/)
* [Bypassing SSL Pinning on Android](https://levelup.gitconnected.com/bypassing-ssl-pinning-on-android-3c82f5c51d86)
* [How to Bypass Certificate Pinning with Frida on an Android App](https://approov.io/blog/how-to-bypass-certificate-pinning-with-frida-on-an-android-app)
### Para practicar Android
* [APK InsecureShop](https://github.com/optiv/InsecureShop)
* [APK DIVA](https://github.com/payatu/diva-android‣)
* [InjuredAndroid - CTF](https://github.com/B3nac/InjuredAndroid)
* [OWASP UnCrackable Mobile Apps](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes#android)
* [AndroGoat](https://github.com/satishpatnayak/AndroGoat)
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://wiki.securiters.com/securiters-wiki/movil/android.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.