This module walks through an Android pentest with the two tools that do most of the heavy lifting: Objection (Frida-powered dynamic analysis) and Frida (runtime hooking framework). Setup, SSL-pinning bypass, local-storage inspection, method hooking: in practice, not theory.
Lab prerequisites
- Rooted Android device or emulator (Genymotion + Magisk works reliably)
- Frida server binary for the device’s architecture, listening on port 27042
- Python + pip install frida-tools objection
- The target APK installed on the device
- Burp Suite (or mitmproxy) with CA cert installed in the user or system cert store
Starting Frida server on the device
adb push frida-server-16.x-android-arm64 /data/local/tmp/frida-server
adb shell
su
chmod 755 /data/local/tmp/frida-server
/data/local/tmp/frida-server &
# From host: confirm
frida-ps -U | head
# Output shows running processes on the device
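A host-side preflight for the setup steps above, added here as an example (it is not part of the original module, Frida or Objection): it checks that the frida-server build matches the device ABI and that the host and device Frida versions agree. The function names and the exact-version comparison are assumptions; the path /data/local/tmp/frida-server is the one used above.

```shell
#!/usr/bin/env bash
# Added example: host-side preflight for the lab setup.
# Function names are hypothetical; they are not part of Frida or Objection.

# Map the device ABI (ro.product.cpu.abi) to the arch suffix used in
# frida-server file names, e.g. frida-server-16.x-android-arm64.
frida_arch_for_abi() {
  case "$1" in
    arm64-v8a)           echo arm64 ;;
    armeabi-v7a|armeabi) echo arm ;;
    x86_64)              echo x86_64 ;;
    x86)                 echo x86 ;;
    *)                   return 1 ;;
  esac
}

# Pull the first major.minor.patch triple out of a version string.
version_of() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Assumption: require identical host and device versions (conservative).
versions_match() {
  a=$(version_of "$1"); b=$(version_of "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Live checks; needs adb, frida-tools and a rooted device with su.
preflight() (
  abi=$(adb shell getprop ro.product.cpu.abi | tr -d '\r')
  arch=$(frida_arch_for_abi "$abi") || { echo "unsupported ABI: $abi"; exit 1; }
  echo "device ABI $abi: use a frida-server build ending in android-$arch"
  host_ver=$(frida --version)
  dev_ver=$(adb shell "su -c '/data/local/tmp/frida-server --version'" | tr -d '\r')
  versions_match "$host_ver" "$dev_ver" ||
    { echo "version mismatch: host=$host_ver device=$dev_ver"; exit 1; }
  frida-ps -U >/dev/null || { echo "frida-ps cannot reach the device"; exit 1; }
  echo "preflight ok"
)

# Run the live checks only when asked: ./preflight.sh run
if [ "${1:-}" = "run" ]; then preflight; fi
```
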
Attaching Objection
# Package name is what you see in the manifest / Play Store URL
objection --gadget com.target.app explore
# You're now in an interactive REPL on the running app
com.target.app on (Android: 13) [usb] # help
SSL pinning bypass
Apps that pin the server certificate reject Burp’s proxy cert unless you bypass the pinning. Objection has a one-liner:
android sslpinning disable
# This hooks OkHttp3, HttpsURLConnection, WebView, TrustManager, and more
# Most apps: traffic now flows through Burp after this single command
When the Objection bypass does not work (custom pinning library, native implementation, or WebView with strict client auth), write a custom Frida script. Example for a specific function: