While working on a project, Metasploit HTTP reverse shell was crashing, so i decided to write this project for anyone who would need to generate a malicious apk for testing (authorized) or learning Android Security. It sends over a reverseshell over HTTP tunnel. Future extensions may include HTTPS too.
- Clone the github repo and Import this project into Android Studio. Change the below lines for configuring your hostname to get reverse shell.
-
Build the project and generate APK.
-
Run a server for reverse shell to connect back. https://github.com/In3tinct/Information-Security/blob/master/Python-Server-For-ReverseShell/pythonserver.py
python3 pythonserver.py
- Transfer the generated APK to the device and run it, wait for reverse shell.
I've used multiple online sources to built this project.
Please cite, If you use this software in your Research papers, articles etc.
@software{Agrawal_Android-ReverseShell-HTTP_Research_project_2022,
author = {Agrawal, Vaibhav},
month = aug,
title = {{Android-ReverseShell-HTTP: Research project for Android Security}},
url = {https://github.com/In3tinct/Android-ReverseShell-HTTP},
version = {1.0.0},
year = {2022}
}
Apache 2.0; see LICENSE for details.
This is an experimental project and the owner of this project shall not be held liable for any actions performed using this tool. It is the sole responsibility of the end-user.
