LogoLogo
  • About Me
  • Notes
    • Android Pentesting
      • First Android App
      • ADB
      • The INTERNET Permission
      • Installing Certificate in User Store
      • Installing system certificates
      • Install system certificates on android 14
      • apktool (for patching and decompiling)
      • Advanced Network interception using VPN
      • DNS Spoofing and Transparent Proxy
      • HTTP Mock
      • APK
      • Static analysis
        • Getting APK from a Device
      • Case Study: A Weather App
      • Frida & Objection
      • Frida Scripts
        • Tracing Activities
        • Tracing Fragments
      • Frida Trace
      • SSL Validation Bypasses
Powered by GitBook
On this page

Was this helpful?

  1. Notes
  2. Android Pentesting

The INTERNET Permission

  • In order to use any kind of network operation we need INTERNET permission which we can get by including Internet permission in AndroidManifest.xml file.

<uses-permission android:name="android.permission.INTERNET" />

  • Although after allowing internet it prevents users from making cleartext http requests. But we can enforce app to make cleartext http traffic if we really need to using (inside AndroidManifest.xml) :-

<application
	android:usesCleartextTraffic=true>
</application>

  • To send an HTTP request :-

try {
    URL url = new URL("<http://www.android.com/>");
    HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
    InputStream in = new BufferedInputStream(urlConnection.getInputStream());
    BufferedReader reader = new BufferedReader(new InputStreamReader(in));
    StringBuilder sb = new StringBuilder();
    String line;
    while ((line = reader.readLine()) != null) {
        sb.append(line).append('\\n');
    }
    String result = sb.toString();
    runOnUiThread(() -> homeText.setText(result));
} catch (Exception e) {
    e.printStackTrace();
}

If it doesn’t work and we run into NetworkOnMainThreadException use this :-

ExecutorService executor = Executors.newSingleThreadExecutor();
executor.execute() -> {
    // previous code here :)
}

  • Packet logging with tcpdump is defined in :-

PreviousADBNextInstalling Certificate in User Store

Last updated 1 day ago

Was this helpful?

ADB