Mobile (Android + iOS) — Offensive Testing Methodology

Quick Workflow

1. Static: pull the IPA/APK, decompile, dump resources/strings, identify endpoints
2. Dynamic: install on rooted/jailbroken device, hook with Frida, intercept TLS
3. Map exported attack surface: deep links, URL schemes, exported components
4. Storage / Keystore audit: where do secrets live, what protects them
5. API: every backend the app talks to is your scope — test like a web app

Lab Setup

Android

• Rooted device or Genymotion / Android Studio AVD with userdebug build
• Magisk for systemless root; LSPosed for hooks; Frida server matching device arch
• Burp / Mitmproxy with system-trusted CA via Magisk module (MagiskTrustUserCerts)