WEBVTT

00:00.760 --> 00:05.770
Now, before you start testing the insecure bank application, you're going to need to set up the application

00:05.770 --> 00:08.970
and its back-end server, so let's get started.

00:10.110 --> 00:15.120
So go to your Kali machine, log in with the default credentials, kali and kali.

00:16.490 --> 00:22.880
So when I started Kali Linux and switched to full screen mode, first it will display a black screen.

00:23.820 --> 00:28.350
Now, if you encounter this problem, you can just exit full screen and re-enter.

00:29.490 --> 00:35.400
But I think we're coming up against this problem because I've recently increased resolution of this

00:35.400 --> 00:35.700
screen.

00:37.110 --> 00:42.720
It's OK now, so let's open up the Web browser and search for insecure bank.

00:45.040 --> 00:51.370
And the creator of this application provides a detailed guide on its GitHub page about how to set up

00:51.370 --> 00:54.370
the application and its back end server.

00:55.480 --> 00:56.620
So let's have a look at this.

00:57.610 --> 00:58.870
Click on Usage Guide.

01:01.680 --> 01:02.520
Scroll down a bit.

01:05.630 --> 01:07.490
All right, so we've completed the first step.

01:07.520 --> 01:09.110
Let's have a look at the second step.

01:13.190 --> 01:15.590
So we'll need to clone the repository.

01:17.380 --> 01:25.270
And you know something, I don't want to go back from this page, so I'll just quickly open the GitHub

01:25.270 --> 01:26.770
page in a new tab.

01:30.120 --> 01:31.950
So copy the URL.

01:33.640 --> 01:38.500
Open terminal screen and first switch user to root.

01:39.990 --> 01:43.470
Run git clone and paste the URL of the repo.

01:48.400 --> 01:52.270
OK, so let's change the directory to insecure bank folder.

01:53.860 --> 01:54.790
List files.

01:56.450 --> 01:59.240
Now let's go to the AndroLabServer folder.

02:00.810 --> 02:04.350
And before running the server, we'll need to install requirements.

02:05.460 --> 02:09.960
Run pip install -r requirements.txt.

02:11.510 --> 02:15.650
Now, run app.py, which is the script, with the Python command.

02:17.570 --> 02:25.520
Oh, and there are some missing modules, so let's install again what is required using the Python command

02:25.820 --> 02:31.340
and give pip module with the -m parameter, which means module, by the way.

02:32.810 --> 02:40.850
So this error is caused by the default Python version installed in Kali, which is three, so the pip

02:40.850 --> 02:44.730
module runs also with Python three in new Kali versions.

02:44.750 --> 02:49.700
However, the server of the Insecure app is written in Python two.

02:49.710 --> 02:52.760
So that means we'll need to install pip2.

02:53.890 --> 02:57.700
So go to the browser and search for pip install for Python 2.

02:59.490 --> 03:00.960
Let's have a look at the first Web site.

03:04.070 --> 03:07.370
So as you can see here, we can install pip2 with the script.

03:08.410 --> 03:12.850
So let's download it with wget and copy this line.

03:13.830 --> 03:14.430
Paste it.

03:16.400 --> 03:17.350
All right, we got it.

03:18.650 --> 03:20.420
So now run it with Python 2.

03:28.500 --> 03:32.330
So we can install the requirements again.

03:37.080 --> 03:43.500
And that makes it work, so this time we can go ahead and run the server. We'll start the Android virtual

03:43.500 --> 03:43.920
device.

03:45.310 --> 03:51.190
Now, hopefully you remember that we configured the first network adapter of the Android virtual device

03:51.190 --> 03:56.140
host-only and the second adapter to be NAT network.

03:57.760 --> 04:02.350
Network adapter of the Kali machine is also on NAT network.

04:07.080 --> 04:13.440
So let's open the Wi-Fi ADB app, and now we can see the IP address of the NAT network.

04:15.620 --> 04:19.940
Now, what we'll do is connect to the emulator from Kali.

04:21.870 --> 04:29.700
Open a new tab in the terminal screen and run adb connect, and that's the command with the IP address

04:29.700 --> 04:30.510
and port number.

04:34.870 --> 04:37.150
All right, so that connects to the emulator.

04:39.000 --> 04:40.110
Now let's go to the guide.

04:41.710 --> 04:48.400
So the next step is to install the insecure bank application onto the emulator via ADB.

04:49.760 --> 04:56.480
So first, we'll need to download the app file from that GitHub page.

04:57.320 --> 05:01.040
All right, so just make sure it's the latest release.

05:02.170 --> 05:03.940
Download the APK file.

05:07.160 --> 05:09.890
OK, so now we can launch the application.

05:10.880 --> 05:16.790
Go to the directory where you downloaded the APK file, and as you can see, it's here for me.

05:18.430 --> 05:24.310
So we'll run adb install and the insecure bank APK file.

05:25.640 --> 05:30.080
All right, so we got a success message and we feel good about our success.

05:31.220 --> 05:32.490
Let's control the app.

05:32.950 --> 05:40.010
All right, so the installation's completed, and as you can see here, the version of Android 10 will

05:40.010 --> 05:44.500
ask us to access these files. Prior to Android six,

05:45.080 --> 05:50.990
you could reasonably assume that if your app is running at all, it has all the permissions it declares

05:50.990 --> 05:52.040
in the app manifest.

05:52.700 --> 06:01.640
Beginning with Android 6.0 (API level 23), users grant and revoke app permissions at runtime instead

06:01.640 --> 06:03.620
of doing so when they install the app.

06:05.070 --> 06:10.800
So for security testing, we'll assume that the user has granted full access permissions for these files.

06:12.510 --> 06:20.220
Android has also added support for in-app updates that works with devices running Android 5.0, API level

06:20.220 --> 06:21.840
21 or higher.

06:23.000 --> 06:24.140
And again, we're not going to

06:25.210 --> 06:26.980
check for updates, for testing.

06:28.700 --> 06:34.400
Now, to connect to the server, we need to configure the server from the preferences at the top right

06:34.400 --> 06:34.790
corner.

06:36.170 --> 06:41.660
So we need to know the IP address and where the AndroLab server is running.

06:42.170 --> 06:48.380
So in our case, this is the IP address of my NAT network adapter and port 8888 for

06:48.380 --> 06:49.730
my Kali machine.

06:50.220 --> 06:52.280
Let's go ahead and check with the ifconfig command.

06:53.840 --> 06:56.150
Of course, we'll need to run it with sudo.

06:57.460 --> 06:59.140
All right, so here's the IP address.

07:00.230 --> 07:02.690
And we can complete the configuration.

07:04.100 --> 07:11.690
OK, let's log in with the default credentials of the application, and I'm sure you remember it was written

07:11.690 --> 07:24.320
on the GitHub page: username dinesh, password capital D, i, n, e, s, h, at, one, two, three, dollar

07:24.320 --> 07:24.790
sign.

07:25.610 --> 07:27.110
Click on log in.

07:28.140 --> 07:29.220
And we're now in.

07:30.740 --> 07:37.250
So let's check the server, and what you're looking at is a message; it shows a login activity.
