Friday, July 3, 22:39
Home how To How to turn Android smartphone into a penetration test device?

How to turn Android smartphone into a penetration test device?

Big companies are trying to improve the user experience by simplifying everything and increasing performance and connections with IoT's. Today with operating system Android being installed on the most powerful smartphones, there are advantages and disadvantages. For example, in a system Linux, there are pros and cons. The user who "Roots" on the mobile device, will be complete access in the system for viewing, editing and deleting files and folders from the Android system as well as for installing tools of various functions. At this point it is worth mentioning that it is easy to have a smartphone with penetration testing tools and run scan network, wireless scanning, sniffer, vulnerability scanning and other functions. But how do we turn an Android smartphone into a penetration tester?

Android preparation smartphone to convert it into a penetration tester
The Google Play provides two applications (free and paid) to have the bash terminal of an Android system. Once the application, we need to do the "Root" function to get full access to the Android system. Therefore, we can install penetration and monitoring testing tools.

Apt-get is a powerful package management system used to work with its APT (Advanced Packaging Tool) library Ubuntu to execute the installation of new packages software, removing existing software packages and upgrading existing software packages.

First of all we will use Linux warehouse distributions for penetration testing. By order “Apt-get update”, we will have reliable font tools. Apt-get is a powerful packet management system used in collaboration with Ubuntu's APT (Advanced Packaging Tool) library to perform the installation of new software packages, remove existing software packages, and upgrade existing software packages.

Tools we receive after updating the list:

  • NMAP: Security Scanner, Port Scanner and Network Exploration Tool.
  • Bettercap: Powerful tool for performing attacks.
  • MITM Setoolkit: Allows you to perform many Social Engineering activities.

We will first try the "NMAP" tool on the network where the smartphone is connected.

With NMAP installed, we have several ways to scan the network and test certain services located on servers. A network scan detected two network components, but without any vulnerable attack service.

Let's start the "sniffer" on the network to find important credentials in applications that do not use encryption For communication. Let's do a test with the "bettercap" tool.

penetration device - conversion

We got the credentials to connect to the access router. In addition to HTTP, we also receive HTTPS. With the weakest link of information security being the user, he will always be subject to attacks and even without realizing that the website's digital certificate will change to that of the intruder MITM attack.

Android smarthpfone

We may not use the smartphone 100% as a laptop with thousands of intrusion tools. Of course, we will have several limitations, because they are smartphones. However, we can use the mobile in bridge mode, known as "Pivoting". You can also use a VPS as a command control element and use rotation on Android to perform the penetration test.

Another method of forgery, by using tools to perform this technique and download Apache2 on Android, we can insert a malicious page so that the user can enter his credentials to connect to the page and thus gain access to it. . Once we change the test page from apache and leave the fake Google page for this test, we will enter the email and password to make sure the attack works.

As soon as the victim enters his credentials on the fake page, he will redirect to the Google page without realizing that he has been "violated".

In it, his credentials have already been recorded and suggested in a simple text file for better viewing. As a result of the loss of connection, the cracker program can gain silent access to your emails and files.

Android smartphone conversion to penetration test device

The content of this article, which concerns the conversion of an Android smarthphone into an intrusion test device, belongs to Priya James (Cyber ​​Security Enthusiast, Certified Ethical Hacker, Security Blogger, Technical Editor and Author in "GBHackers"). Secnews has no responsibility for this. This article is for educational purposes only. The experiment described was tested on any Android smartphone and no external sites were attacked.

The "Author" and "Secnews" will not be held liable in the event of criminal charges against any person who misuses the information on this site for breach of the law. It is strictly forbidden to reproduce this content, which involves the conversion of an Android smartphone into a penetration test device, without permission.


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


Avaddon ransomware: Attacks through Excel 4.0 macros

Microsoft announced yesterday that Avaddon ransomware spread this week through an old technique that came to the fore again. The...

Apple: Prohibits updating Chinese Apps without permission

Apple is banning developers from updating existing apps in China's App Store if they don't have government approval.

Australia: Thousands of MyGov accounts are sold on the Dark Web

Access to more than 3600 MyGov accounts is being sold on the dark web, potentially exposing thousands of Australians to fraud and identity theft.

Party Time: Watch TV with your friends online

Party Time: Watch TV with your friends on the internet Time for a different party than you are used to, watching your favorite ...

CISA and FBI warn businesses of Tor's risks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to businesses regarding ...

openSUSE: The new Leap 15.2 hard drive has been released

Recently, the next stable version of the openSUSE operating system was released. According to the development team of the operating system, ...

What are the most popular types of malware?

Researchers are looking for the most common types of malware. During the investigation of the malicious activities, the researchers in cyberspace focus ...

REvil ransomware: Target the Light SA electricity company

The operators of REvil ransomware (also known as Sodinokibi) violated the Brazilian electricity company Light SA ...

LinkedIn: Our bug is due to an iOS problem

A representative of LinkedIn told ZDNet yesterday that an error in the iOS application was responsible for a seemingly "interfering behavior" that ...

Valak Info Stealer targets businesses in Europe and America

Many businesses in North and South America, but also in Europe, have fallen victim to the infamous Valak Info Stealer.