Pentesting Android Cheatsheet

This post contains a collection of instructions useful for pentesting an Android app I found on the Internet. Basically, It is my Android cheatsheet and it’s here so that it will be easily accessible in the future from me or anyone else that has to assess Android devices and apps.



Cross-Compile for Android – Installing Tcpdump

After “rooting” an Android phone, I was attracted by the idea of installing supplementary binaries on the device. Usually after rooting the Android device, you will be finding Busybox installed. This application allows your Android phone to execute a list of common unix like commands such as ls, grep, ifconfig, awk etc… To retrieve the list of available command and the version of your Busybox just run Busybox without parameters from the command line:

$ busybox

At that time I was interested in monitoring the connection made by an application installed on the phone, so my target was to take Tcpdump onto the Android phone.