Offensive Mobile Penetration Testing

Extract IP and URL endpoints from an APK

OMPT

How to Extract IP and URL endpoints from an APK?

Following are the topics that we will cover [Offensive Mobile Penetration Testing]:

• 1️⃣ How to use the APK2URL framework?
• 2️⃣ Dependency Installation
• 3️⃣ Platform OS [Which platform should APK2URL be installed on?]
• 4️⃣ Live APK Download
• 5️⃣ Extract IP & URL Endpoints from Live APK

Note 1: If you have any confusion, I have recorded a video for the same. Check at [ Bottom ]

1️⃣ How to use the APK2URL framework?

A tool to quickly extract IP and URL endpoints from APKs by disassembling and decompiling.

💡 1. APK2URL

apk2url easily extracts URL and IP endpoints from an APK file and performs filtering into a .txt output. This is suitable for information gathering by the red team, penetration testers, and developers to quickly identify endpoints associated with an application.

📝 NOTE2:

Why use apk2url?** When compared with APKleaks, MobSF, and AppInfoScanner, apk2url identifies a significantly higher number of endpoints.

Learn more about Hacker Associate, Offensive Mobile Penetration Testing: IOS and Android Live Apps Certification Modules.

Certification | Offensive Mobile Penetration Testing

2️⃣ Dependency Installation

git clone https://github.com/n0mi1k/apk2url

Use apt for easy installation of these tools required by apk2url:

sudo apt install apktool
sudo apt install jadx

3️⃣ Platform OS [Which platform should APK2URL be installed on?]

I am using Kali Linux platform 

Obtain Relevant Certifications:

Validate your expertise and skills by obtaining industry-recognized certifications such as Offensive Cloud Penetration Testing(OCPT), Advanced Web Application Penetration Tester (AWAPT), Offensive Security Certified Professional (OSCP), and others.

These certifications not only enhance your professional profile but also attest to your dedication and proficiency in the field.

4️⃣ Live APK Download

Download Live APK from the below link:

https://zomato.en.uptodown.com/android

5️⃣ Extract IP & URL Endpoints from Live APK

apk2url git:(main) ✗ ./apk2url.sh diva-beta.apk

apk2url git:(main) ✗ ./apk2url.sh diva-beta.apk 


Take any APK and extract the IP and URL Endpoints from LIVE APK

Follow us:

LinkedIn Hacker Associate:

https://in.linkedin.com/company/hackerassociate

YouTube Channel Link:

https://www.youtube.com/channel/UCKKQ9cHunjbEnoe4W747SYg

Discord: https://discord.gg/jaRBBXXcqa

Official Web: https://hackerassociate.com/

Twitter: https://twitter.com/harshad_hacker

LinkedIn Personal: https://in.linkedin.com/in/hackerharshad

Telegram: https://t.me/hackerassociate

Video:

Offensive Mobile Pentesting: Extracting IP and URL Endpoints from APK

Thanks and Regards

Harshad Shah

Founder & CEO, Hacker Associate