
When you are testing Android applications, you find yourself doing the same things again and again:

  • Installing the application
  • Running it
  • Changing the emulator network configuration (DNS server, proxy settings…)
  • Dumping the application data and logs
  • Re-installing and re-running the application

If you want to stay efficient, automation is the key. In this article, you will see how to quickly build a script to run a given Android application and save all relevant information in a directory (in /tmp). The script is written in Ruby, but can easily be translated into your favorite language.

This article assumes that you have a working Android emulator and the following tools installed and in your path:

Our goal here is to go from an APK file to a running application with a given network setup and tcpdump running to save as much information as possible.

First, we need to build an Android Virtual Device (AVD). To do that, we are going to use the ‘android’ tool and derive the name of the AVD from our APK file:

To speed up the boot process, we are going to use the ‘-memory 1024’ and ‘-no-boot-anim’ options. For example, using the http-proxy, the boot command line will look like this (the code includes the directory creation):

Now that the emulator is starting, we need to wait for it to be ready and install the application we want. We can use ‘adb’ to get the state of the emulator and wait until it finishes booting:

Now that the emulator is ready, we can install the APK:

Since the emulator is not always ready to install the APK just after booting, we do a loop until the application is installed.
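The boot, wait and install steps described above can be sketched as follows. This is an added example, not the article's original code: the helper names, the `capture.pcap` file name, the use of the `sys.boot_completed` property and the injectable `run` callable (which lets the loops be exercised without an emulator) are assumptions.

```ruby
require 'open3'

# AVD name derived from the APK file name (this naming scheme is an assumption).
def avd_name_for(apk)
  File.basename(apk, '.apk').gsub(/[^A-Za-z0-9._-]/, '_')
end

# 'target' is an SDK target id as listed by `android list targets`.
def create_avd_cmd(avd, target)
  ['android', 'create', 'avd', '--force', '-n', avd, '-t', target]
end

# Boot command: fast-boot options, packet capture, optional proxy / DNS server.
def emulator_cmd(avd, out_dir, proxy: nil, dns: nil)
  cmd = ['emulator', '-avd', avd, '-memory', '1024', '-no-boot-anim',
         '-tcpdump', File.join(out_dir, 'capture.pcap')]
  cmd += ['-http-proxy', proxy] if proxy
  cmd += ['-dns-server', dns] if dns
  cmd
end

# Default runner returns the command's combined output; pass a stub to test.
RUN = ->(cmd) { Open3.capture2e(*cmd).first }

# Poll the boot property until the system reports that boot is complete.
def wait_for_boot(run: RUN, tries: 60, delay: 5)
  tries.times do
    return true if run.call(%w[adb shell getprop sys.boot_completed]).strip == '1'
    sleep delay
  end
  false
end

# Retry the install until adb prints "Success"; returns the attempt number.
def install_apk(apk, run: RUN, tries: 10, delay: 5)
  tries.times do |i|
    return i + 1 if run.call(['adb', 'install', '-r', apk]) =~ /^Success/
    sleep delay
  end
  nil
end
```

Start the emulator in the background with `Process.spawn(*emulator_cmd(...))` after creating the output directory, then call `wait_for_boot` and `install_apk`.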

In order to dump information from the application, we need to know where it gets installed. To do that, we need to extract the content of the APK file. We are going to extract the APK in /tmp/ using unzip:

We now have a file named ‘AndroidManifest.xml’, so we will need to use ‘AXMLPrinter2’ to transform it from binary to an easy-to-read XML file:

It is easy to retrieve the package’s name using the XML file and a regular expression (or to parse it):

The application is now installed, and it is time to save the application directory before its first run:

To start the application, we need to figure out what activities can be used. More than one activity can be available for a given application. Here we will take the first one with an action named “android.intent.action.MAIN”.

The following code extracts this information:

We also need to adjust the application name: if it starts with a dot ‘.’, we need to add it to the application path; if it doesn’t, we don’t need to add anything:

After waiting for a few seconds, we have our application running:
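The manifest steps above (package name, first MAIN activity, dot-prefixed name handling) can be combined into one launch command. This is an added example, not the article's original code: the sample manifest is constructed, and the helper names and the tag-scanning regular expression are assumptions.

```ruby
# Constructed sample in the style of AXMLPrinter2 output (not from a real APK).
SAMPLE_MANIFEST = <<~XML
  <manifest
      xmlns:android="http://schemas.android.com/apk/res/android"
      package="com.example.notes"
      >
    <application android:label="@7F040000">
      <activity android:name="com.example.notes.SettingsActivity" />
      <activity
          android:name=".MainActivity"
          >
        <intent-filter>
          <action android:name="android.intent.action.MAIN"></action>
        </intent-filter>
      </activity>
    </application>
  </manifest>
XML

# One XML tag: closing slash, tag name, attribute run, self-closing slash.
TAG = %r{<(/?)([\w.-]+)((?:\s+[\w:.-]+="[^"]*")*)\s*(/?)>}

def package_name(xml)
  xml[/<manifest\b[^>]*?\spackage="([^"]+)"/, 1]
end

# Name of the first <activity> containing an action named ...action.MAIN.
def main_activity(xml)
  current = nil
  xml.scan(TAG) do |close, tag, attrs, self_close|
    name = attrs[/android:name="([^"]*)"/, 1]
    if tag == 'activity'
      current = (close.empty? && self_close.empty?) ? name : nil
    elsif tag == 'action' && name == 'android.intent.action.MAIN' && current
      return current
    end
  end
  nil
end

# A leading dot means "relative to the package": prepend the package name.
def component(package, activity)
  cls = activity.start_with?('.') ? package + activity : activity
  "#{package}/#{cls}"
end

def launch_cmd(xml)
  ['adb', 'shell', 'am', 'start', '-n', component(package_name(xml), main_activity(xml))]
end
```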

We can now dump the content of the application data:
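Saving the data directory before the first run and again afterwards is most useful when the two copies are compared. The following added example (not the article's original code) goes one step beyond the text and lists which files the application created, removed or modified between two pulled snapshots; the helper names and the snapshot labels are assumptions.

```ruby
require 'digest'
require 'find'

# adb pull of the application's data directory into a labelled snapshot
# (label is e.g. 'before' or 'run1'; these labels are an assumption).
def pull_cmd(package, out_dir, label)
  ['adb', 'pull', "/data/data/#{package}", File.join(out_dir, label)]
end

# Map every regular file under dir (relative path) to its SHA-256 digest.
def fingerprint(dir)
  root = dir.chomp('/')
  Find.find(root).select { |p| File.file?(p) }.to_h do |p|
    [p.delete_prefix(root + '/'), Digest::SHA256.file(p).hexdigest]
  end
end

# Compare two snapshots: files that appeared, disappeared or changed content.
def snapshot_diff(before_dir, after_dir)
  before = fingerprint(before_dir)
  after = fingerprint(after_dir)
  {
    added: (after.keys - before.keys).sort,
    removed: (before.keys - after.keys).sort,
    changed: (before.keys & after.keys).select { |k| before[k] != after[k] }.sort
  }
end
```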

Every time you run the application, you will be able to gather information using the following commands:

  • ‘dumpsys’: to dump the system information
  • ‘logcat -d’: to retrieve the application logs

They can be run directly using ‘adb’, for example:

Now you can easily modify the proxy and/or DNS server used by the device to work with a different setup:

  • MITM using the proxy
  • Play with DNS to force the application to connect to you instead of the legitimate servers
  • No DNS resolution to see how the application handles this
  • …everything you can think of

The good news is that your new toolbox will keep a dump of all network communication. You can then use tools like Wireshark or Scapy to understand the application.

Finally, we can transform the classes.dex file to a JAR file and unzip it to retrieve the compiled code of the application. The following code can be used to do this automatically:

You now have a normal JAR file and can start working on its content using jd-gui, or unzip it and use JAD.


About the author

Louis Nyffenegger is a security consultant working in Melbourne. Louis is the creator of PentesterLab, a set of exercises built to aid in the learning of security and penetration testing. Each exercise provides a course and a vulnerable system to easily detect, test and exploit security issues. PentesterLab’s exercises are based on real life scenarios and teach people how to think like an attacker and go from one issue to fully compromised systems.
