This year I replaced my old phone, which had been in service for N years, with a new one that has 12G of RAM, more than the laptop I use. Using it only for games would waste its capabilities, but I have not rooted it because I am afraid that would affect daily use. After a lot of trial and error, I found that it can still be turned into a testing tool without root; readers with similar needs can refer to this article.
Mobile app testing definitely requires a root environment, and many people use Android emulators for that. The author, however, enabled Hyper-V in order to use WSL2, which conflicts with the vast majority of Android emulators, so emulators were no longer an option. The author also tried root-free Xposed frameworks such as VirtualXposed and Taiji, but compatibility was poor and apps crashed easily. It then turned out that virtual machines also exist on the Android platform itself; there are currently three products: VMOS, LightSpeed Virtual Machine, and X8 sandbox. VMOS comes in a normal version and a Pro version. The Pro version lets non-members select the ROM and can also import ROMs provided by other users, while the other virtual machines ship a built-in ROM that cannot be modified.
After a series of tests by the author, the comparison is as follows:
Item | VMOS | VMOS PRO | LightSpeed Virtual Machine | X8 sandbox |
---|---|---|---|---|
Memory usage | 186MB | 233MB | 188MB | 181MB |
Provides root | Yes | Yes | Yes | Yes |
Provides Xposed (XP) | Yes | Yes | Not supported | Yes |
Provides Play | Yes | Yes | Yes | None |
Program compatibility | Poor | Good | Good | Good |
Android version | 5.1.1 | 5.1.1 / 7.1.2 | 7.1.2 | 5.1.1 |
Contains ads | Yes | Yes | None | Video ads |
Permission requirements | Phone, location, camera, recording, storage | None | Phone, location, storage, recording | Storage |
In summary, the LightSpeed Virtual Machine is the fastest and is clean with no ads, but unfortunately the current version does not support the Xposed framework. VMOS Pro has poor compatibility with its own ROM, but the ROMs provided by Coolan users have good compatibility, and turning off all app permissions does not affect the use of the virtual machine, which is very nice.
Running a virtual Android system on the phone, with a root environment that is isolated from the host, is simply the best setup for mobile testing.
The following figure shows the author's four virtual machines opened simultaneously in small windows, independent and not conflicting with each other, and the total memory usage may not be more than 1G, with no pressure.
Kali Nethunter
The official documentation provides a NetHunter Rootless method, that is, installation without root. It also supports KeX, so the effect shown in the figure can be achieved, and an external display gives a complete desktop experience.
The differences from the other NetHunter editions are shown in the following table; the rootless edition provides most of the functions.
Feature | NetHunter Rootless | NetHunter Lite | NetHunter |
---|---|---|---|
App Store | Yes | Yes | Yes |
Kali cli | Yes | Yes | Yes |
All Kali packages | Yes | Yes | Yes |
KeX | Yes | Yes | Yes |
Metasploit w/o DB | Yes | Yes | Yes |
Metasploit with DB | No | Yes | Yes |
NetHunter App | No | Yes | Yes |
Requires TWRP | No | Yes | Yes |
Requires Root | No | No | Yes |
WiFi Injection | No | No | Yes |
HID attacks | No | No | Yes |
The main principle is an implementation based on Termux + KeX. Termux is truly a magic tool, and one that does not require root. For a detailed introduction, please refer to the article by Guoguang: https://www.freebuf.com/geek/170510.html
For the installation method of NetHunter Rootless, refer to the official documentation: https://www.kali.org/docs/nethunter/nethunter-rootless/
It is recommended to download Termux through F-Droid: https://f-droid.org/packages/com.termux/
The actual effect is shown in the following figure and will not be elaborated on here; Guoguang's article is very detailed.
By the way, WSL2 now also supports KeX, as shown in the following figure. Delicious! https://www.kali.org/docs/wsl/win-kex/
Docker environment
A virtual Android is available and a virtual Kali is available, so what about setting up a target machine? Can there be Docker? The answer is definitely yes!
Although Termux is powerful and can install various Linux distributions, a Linux installed on top of Termux still cannot run Docker. You need to install the QEMU virtual machine in Termux and then install Alpine Linux in QEMU; only then do you get the original taste of x86 Linux.
This kind of nesting may deter many people. Fortunately, someone has already integrated Termux + QEMU + Alpine into a ready-to-use package named alpine-term: installing a single apk gives you a fully configured Alpine Linux. The project address is: https://github.com/xeffyr/alpine-term/releases
All that is left is to install Docker manually:

```
# Update the apk package index
apk update
# Install docker
apk add docker
# Enable docker to start at boot
rc-update add docker
# Start the docker service
service docker start
# Background start
setsid containerd
setsid dockerd
```

The built-in alpine user has some limitations in its initial configuration; `sudo -s` can be used to switch to the root user.
After Docker is up and running, you need to configure QEMU's network mapping manually. In the Termux navigation bar, select QEMU and run the following commands to add a port mapping.
```
# Map the phone's port 10022 to the virtual machine's port 22
(qemu) hostfwd_add tcp::10022-:22
# Delete the port mapping on 10022
(qemu) hostfwd_remove tcp::10022
# View port mappings and network connections
(qemu) info usernet
```

For the detailed help documentation, please refer to https://xeffyr.github.io/alpine-term/docs/help.html
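A forward added with an empty host address, as in `tcp::10022-:22`, listens on every interface of the phone, so the guest's SSH port is reachable from whatever Wi-Fi network the phone joins. The script below is an added example (not from the original article or the alpine-term project) that reads pasted `info usernet` output and flags such forwards; the sample output is constructed and its column layout is assumed to match QEMU's user-mode networking listing.

```shell
#!/bin/sh
# Added example: flag QEMU user-mode forwards that listen on all interfaces.
# Input is the text printed by `info usernet`, pasted or piped on stdin.

# Constructed sample (not captured from a device); column layout is assumed:
# Protocol[State] FD SourceAddr SourcePort DestAddr DestPort RecvQ SendQ
sample_usernet() {
cat <<'EOF'
VLAN 0 (user.0):
  Protocol[State]    FD  Source Address  Port   Dest. Address  Port RecvQ SendQ
  TCP[HOST_FORWARD]  13               *  10022       10.0.2.15    22     0     0
  TCP[HOST_FORWARD]  14       127.0.0.1  18080       10.0.2.15  8080     0     0
  UDP[HOST_FORWARD]  15               *  10053       10.0.2.15    53     0     0
  TCP[ESTABLISHED]   16       10.0.2.15  45122      192.0.2.10   443     0     0
EOF
}

# Print one verdict per HOST_FORWARD row. "*" (or 0.0.0.0) as source address
# means the phone accepts connections on that port from any network it joins.
audit_hostfwd() {
    awk '
    $1 ~ /^(TCP|UDP)\[HOST_FORWARD\]$/ {
        proto = tolower(substr($1, 1, 3))
        src = $3; hport = $4; gport = $6
        if (src == "*" || src == "0.0.0.0") {
            printf "EXPOSED %s host port %s -> guest port %s\n", proto, hport, gport
            # Monitor commands that rebind the same forward to loopback only
            printf "  (qemu) hostfwd_remove %s::%s\n", proto, hport
            printf "  (qemu) hostfwd_add %s:127.0.0.1:%s-:%s\n", proto, hport, gport
        } else {
            printf "OK %s %s:%s -> guest port %s\n", proto, src, hport, gport
        }
    }'
}

sample_usernet | audit_hostfwd
```

A forward bound to 127.0.0.1 is still usable from Termux and other apps on the phone itself, which is all the local test setup described here needs.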
Proxy packet capture
Finally, I recommend a mobile packet capture tool called HttpCanary, which supports multiple protocols such as HTTP, HTTPS, HTTP2, and WebSocket. Based on the virtual gateway and interceptor design of the NetBare framework, it makes it very convenient to capture, modify, and replay the packets of a single app. Packet capture analysis of a specific app can be done entirely without a computer. For detailed usage, please refer to the author's series of articles: https://juejin.im/post/6844903745562607624
End
This article comes to an end here, hoping to have the effect of throwing a brick to attract jade. If you have better mobile platform security tools, welcome to supplement them in the comment section.