(Preferably) Use a VPN
- AlgoVPN https://github.com/trailofbits/algo
- OpenVPN (AS) https://openvpn.net/index.php/access-server/overview.html
- 3rd party service, e.g. ProtonVPN https://protonvpn.com
Install a proxy tool of choise
- OWASP ZAP https://github.com/zaproxy/zaproxy/wiki/Downloads
- BurpSuite https://portswigger.net/burp/communitydownload
Android Studio
- On macOS:
brew cask install android-studio - Manually download and install: https://developer.android.com/studio/index.html
- Install SDK Platforms: http://take.ms/kyWuF
- Install SDK Tools: http://take.ms/H5iZP
Read Privatbank Bug Bounty program brief
- In general: https://bugbounty.privatbank.ua/help
- Specifically: http://take.ms/LcAPX
Download Andriod application
- https://privatbank.ua/apps
- https://privatbank.ua/apps/privatbudzhet
- https://play.google.com/store/apps/details?id=ua.privatbank.pfm
- https://apps.evozi.com/apk-downloader/?id=ua.privatbank.pfm
Create virtual device
- Hardware: http://take.ms/Yg9VC
- Image: http://take.ms/CTboN
- Large (2GB) flash: http://take.ms/ykYSK
- Note: DON'T enable device frame
Startup the emulator
emulator -avd OWASPKyiv -writable-system -http-proxy http://127.0.0.1:8080
Look around
adb devices
adb shell
Install Burp/ZAP certificate
- Export from http://127.0.0.1:8080
- Convert CER to PEM and push to device
openssl x509 -inform der -in cacert.der -out cacert.pem
adb push cacert.pem /sdcard/
- Settings / Security / Install from SD card
Install Xposed Framework Installer
- Official: http://repo.xposed.info/module/de.robv.android.xposed.installer
- Android after 5.0/5.1: https://forum.xda-developers.com/showthread.php?t=3034811
adb install XposedInstaller_3.1.4.apk
Root the device: bash emulator_root.sh
#!/bin/bash
adb root
adb remount
adb -e push su.pie /system/xbin/su
adb shell chmod 06755 /system/xbin/su
adb shell su --install
adb shell su --daemon&
adb shell setenforce 0
Repeat Xposed installation
Install Inspeckage and SSL Unpinning
Forward local ports
adb forward tcp:8008 tcp:8008
Access http://:8008 on laptop
Install APK for testing
adb install ua.privatbank.pfm.apk
Have fun!