Friday, January 22, 04:51
Home how To How to turn Android smartphone into a penetration test device?

How to turn Android smartphone into a penetration test device?

Big companies are trying to improve the user experience by simplifying everything and increasing performance and connections with IoT's. Today with operating system Android being installed on the most powerful smartphones, there are advantages and disadvantages. For example, in a system Linux, there are positives and negatives. The user who "Roots" on the mobile device, will have full access in the system for viewing, editing and deleting files and folders from the Android system as well as for installing tools of various functions. At this point it is worth mentioning that it is easy to have a smartphone with penetration testing tools and run scan network, wireless scanning, sniffer, vulnerability scanning and other functions. But how do we turn an Android smartphone into a penetration tester?

Android preparation smartphone to convert it into a penetration tester
The Google Play provides two applications (free and paid) to have the bash terminal of an Android system. Once the application, we need to do the "Root" function to gain full access to the Android system. Therefore, we can install penetration testing and monitoring tools.

Apt-get is a powerful package management system used to work with its APT (Advanced Packaging Tool) library Ubuntu to execute the installation of new packages software, removing existing software packages and upgrading existing software packages.

We will first use Linux repositories for penetration testing. By order Apt-get update, we will have reliable font tools. Apt-get is a powerful packet management system used in collaboration with Ubuntu's APT (Advanced Packaging Tool) library to perform the installation of new software packages, remove existing software packages, and upgrade existing software packages.

Tools we receive after updating the list:

  • NMAP: Security Scanner, Port Scanner and Network Exploration Tool.
  • Bettercap: Powerful tool for performing attacks.
  • MITM Setoolkit: Allows you to perform many Social Engineering activities.

We will first try the "NMAP" tool on the network where the smartphone is connected.

With NMAP installed, we have several ways to scan the network and test certain services located on servers. A network scan detected two network components, but without any vulnerable attack service.

Let's start the "sniffer" on the network to find important credentials in applications that do not use encryption For communication. Let's do a test with the "bettercap" tool.

penetration device - conversion

We got the credentials to connect to the access router. In addition to HTTP, we also receive HTTPS. With the weakest link of information security being the user, he will always be subject to attacks and even without realizing that the website's digital certificate will change to that of the intruder MITM attack.

Android smarthpfone

We may not use the smartphone 100% like a laptop with thousands of intrusion tools. Of course, we will have several limitations, because it is a smartphone. However, we can use the mobile in bridge mode, known as "Pivoting". You can also use a VPS as a command control and use Android rotation to perform the penetration test.

Another method of forgery, by using tools to perform this technique and download Apache2 on Android, we can insert a malicious page so that the user can enter his credentials to connect to the page and thus gain access to it. . Once we change the test page from apache and leave the fake Google page for this test, we will enter the email and password to make sure the attack works.

Once the victim enters their credentials on the fake page, they will be redirected to the Google page without realizing that it has been "violated".

In it, his credentials have already been recorded and suggested in a simple text file for better viewing. As a result of the loss of connection, the cracker program can gain silent access to your emails and files.

Android smartphone conversion to penetration test device

The content of this article, which concerns the conversion of an Android smartphone into a penetration testing device, belongs to Priya James (Cyber ​​Security Enthusiast, Certified Ethical Hacker, Security Blogger, Technical Editor and Author in "GBHackers"). "Secnews" has no responsibility for this. This article is for educational purposes only. The experiment described was tested on any Android smartphone and no external sites were attacked.

The "Author" and "Secnews" will not be held liable in the event that criminal charges are brought against any person who misuses the information on this website for violating the law. Reproduction of this content, which involves the conversion of an Android smartphone into a penetration testing device, without permission is strictly prohibited.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...