Mobile Security Cheat Sheet

Mobile application security testing — Android/iOS static analysis, ADB dynamic analysis, traffic interception, SSL pinning bypass, and Frida instrumentation. (24 payloads)

Android Static Analysis

(5)

apktool d app.apk -o output/

Decompile APK resources and manifest

jadx -d output/ app.apk

Decompile APK to Java source code

grep -r "password\|apikey\|secret\|token" output/ --include="*.xml" --include="*.java"

Find hardcoded secrets in decompiled APK

cat output/AndroidManifest.xml | grep -E "android:exported|android:permission"

Find exported components in AndroidManifest

cat output/res/values/strings.xml

API keys often stored in strings.xml

Android Dynamic Analysis (ADB)

(5)

adb shell dumpsys activity | grep -i "intent\|component"

List running activities and intents

adb logcat | grep -i "password\|token\|secret\|error"

Filter logcat for sensitive data leaks

adb shell run-as com.target.app ls /data/data/com.target.app/

App private files (debuggable apps only)

adb shell content query --uri content://com.target.app.provider/

Content provider access — may expose data without auth

adb shell am start -n com.target.app/.SomeInternalActivity

Launch exported activity directly via ADB

Android Traffic Interception

(3)

adb reverse tcp:8080 tcp:8080

Route device traffic through Burp on PC

frida -U -l ssl-pinning-bypass.js -f com.target.app

Bypass SSL pinning via Frida script

Edit network_security_config.xml to add <certificates src="user"/> under <trust-anchors>

Trust user certificates via network security config

iOS Static Analysis

(3)

class-dump -H target.app/Target -o headers/

Extract Objective-C class headers from binary

Find secrets in iOS binary strings

find . -name "*.plist" | xargs grep -l "password\|key\|token"

Find sensitive data in plist files

iOS Dynamic Analysis (Frida/Objection)

(6)

objection -g com.target.app explore

Start interactive Objection exploration session

ios sslpinning disable

Disable SSL pinning via Objection

ios keychain dump

Dump iOS Keychain entries via Objection

ios nsuserdefaults get

Dump NSUserDefaults key-value store

ios hooking list classes

List all Objective-C classes loaded at runtime

ios hooking watch class ClassName

Monitor all method calls on a class

Frida Scripts

(2)

frida -U -l bypass-jailbreak.js com.target.app

Bypass jailbreak/root detection via Frida

Java.perform(function() {
  var TrustManager = Java.use('javax.net.ssl.X509TrustManager');
  // Override checkServerTrusted to bypass SSL pinning
});

Frida: override TrustManager to disable certificate validation (Android)

ShareX LinkedIn Reddit

Level up your security testing

Install the CLI

npx payload-playground

Explore All Tools

Encoding, hashing, JWT & more

Browse Cheat Sheets

Quick-reference payload guides

Related Generators

Mobile Security

Related Cheat Sheets

Post-Exploitation Cheat Sheet

$loading...