渗透测试之移动端的常用工具,主要有Frida、Objection、MobSF等,如表所示:
Frida
https://github.com/frida/frida/releases
adb push C:\Users\axff\Downloads\frida-server-12.8.11-android-arm /data/local/tmp/.
Objection
https://github.com/sensepost/objection
MobSF
docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Burp
Add proxy in Mobile WIFI settings connected to Windows Host Wifi pointing to 192.168.X.1:8080
Vbox Settings Machine -> Network -> Port Forwarding -> 8080
Burp Proxy -> Options -> Listen all interfaces
Tools
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security