Fire up burp suite and configure the proxy to listen to all interfaces on port 8081
Configure proxy settings in the android emulator WIFI settings to be your localip:8081
Install Certificate to your emulator by exporting the burp certificate -> rename it to burp.cer -> push it to the emulator via adb push <PATH> then install it to your device
run app.py for your server and proxifiy traffic using burp and use all feature and collect all requests
# conver base.apk to base.jar./d2j-dex2jar.sh-f~/path/to/apk_to_decompile.apk# using jadx cli or jadx-gui you can get the similar ava source code β~jadxbase-dex2jar.jarβ~jadx-guiINFO-outputdirectory:base-dex2jarINFO-loading...INFO-Loadedclasses:6529,methods:40188,instructions:1564986INFO - Resetting disk code cache, base dir: /home/sallam/.cache/jadx/projects/base-dex2jar-4b505a6f3e3bda1e1de8b834d5846214/code
# Using apktool decompiling the apkβvulnAppsapktooldbase.apkI:UsingApktool2.9.3onbase.apkI:Loadingresourcetable...I:Decodingfile-resources...I:Loadingresourcetablefromfile:/home/sallam/.local/share/apktool/framework/1.apkI:Decodingvalues*/*XMLs...I:DecodingAndroidManifest.xmlwithresources...I:Regularmanifestpackage...I:Baksmalingclasses.dex...I:Copyingassetsandlibs...I:Copyingunknownfiles...I:Copyingoriginalfiles...βvulnAppsls6_3_SieveLoginBypass.zipbase.apksieve_patched_no_cryptobasebase-dex2jar.jarsieve_patched_no_crypto.apk
Analyze the code and android manifest.xml subl base/AndroidManifest.xml
Use drozer to give you an overview about the application <how to do it>
run app.package.info -a com.android.insecurebankv2
run app.package.attacksurface com.android.insecurebannkv2
