AndroL4b – A Virtual Machine For Assessing Android Applications, Reverse Engineering and Malware Analysis

AndroL4b - A Virtual Machine For Assessing Android Applications, Reverse Engineering and Malware Analysis

AndroL4b is an android security virtual machine based on Ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis.

Tools:

  • Radare2: Unix-like reverse engineering framework and commandline tools
  • Frida: Inject JavaScript to explore native apps on Windows, macOS, Linux, iOS, Android, and QNX.
  • ByteCodeViewer Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
  • Mobile Security Framework (MobSF) (Android/iOS) Automated Pentesting Framework (Just Static Analysis in this VM)
  • Drozer Security Assessment Framework for Android Applications
  • APKtool Reverse Engineering Android Apks
  • AndroidStudio IDE For Android Application Development
  • BurpSuite Assessing Application Security
  • Wireshark Network Protocol Analyzer
  • MARA Mobile Application Reverse engineering and Analysis Framework
  • FindBugs-IDEA Static byte code analysis to look for bugs in Java code
  • AndroBugs Framework Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications
  • Qark Tool to look for several security related Android application vulnerabilities

    Labs:

    • Damn Insecure and vulnerable App for Android(DIVA) Vulnerable Android Application
    • InsecureBankv2 Vulnerable Android Application
    • Android Security Sandbox An app showcase of some techniques to improve Android app security
    • GoatDroid A fully functional and self-contained training environment for educating developers and testers on Android security
    • Sieve: A Password Manager App, showcasing some common Android vulnerabilities.

      AndroL4b Screenshot 1

      AndroL4b Screenshot 2

      AndroL4b Screenshot 3

      AndroL4b Screenshot 4

      AndroL4b Screenshot 5

      Download Androl4b Part 1

      Download Androl4b Part 2

      Download Androl4b Part 1

      Download Androl4b Part 2

      You might also like:
      • WordBrutePress – A Multithreaded WordPress Bruteforcing Tool
      • USBTracker – Tool To Track USB Devices Events and Artifacts In a Windows OS
      • 0d1n – Tool For Bruteforcing Web Applications
      • Security Onion – Linux Distro for Intrusion Detection, Network Security Monitoring, and Log Management
      • Beginner’s Guide To The Deep Web and The Dark Web
      • RouterCheck – Tool For Protecting Your Router (Android App)
      • zANTI – Android App For Hackers
      • How To Change (spoof) MAC Address on Android (3 Methods)


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      MARA – A Mobile Application Reverse Engineering and Analysis Framework

      MARA - A Mobile Application Reverse Engineering and Analysis Framework

      MARA is a mobile application reverse engineering and analysis framework. It is a collection of commonly used mobile application reverse engineering and analysis tools integrated together to assist in testing mobile applications against the OWASP mobile security threats. Its primary objective is to make this task easier and friendlier to mobile application developers and security professionals.

      Features:

      • APK Reverse Engineering
        • Disassembling Dalvik bytecode to smali bytecode via baksmali and apktool.
        • Disassembling Dalvik bytecode to java bytecode via enjarify.
        • Decompiling APK to Java source code via jadx.
      • APK Analysis
        • Parsing smali files for analysis via smalisca.
        • Dump apk assets,libraries and resources.
        • Extracting certificate data via openssl.
        • Extract strings and app permissions via aapt.
        • Identify methods and classes via ClassyShark.
        • Scan for apk vulnerabilities via androbugs.
        • Analyze apk for potential malicious behaviour via androwarn.
        • Identify compilers, packers and obfuscators via APKiD.
        • Extract execution paths, IP addresses, URL, URI, emails via regex.

      • APK Manifest Analysis
        • Extract Intents.
        • Extract exported activities.
        • Extract receivers.
        • Extract exported receivers.
        • Extract Services.
        • Extract exported services.
        • Check if apk is debuggable.
        • Check if apk allows backups.
        • Check if apk allows sending of secret codes.
        • Check if apk can receive binary SMS.

      Installing MARA on Linux/Nethunter

      MARA ships with a script that assists in downloading and installing the dependencies for each of the tools and components it ships with. Simply run the setup.sh script with sudo privileges and it will install them. If you are using a Mac, simply run the setup_mac.sh script instead.

      Watch the MARA install guide video:

      In order to make updating MARA easier, it now ships with an update script that once executed, will pull the most recent version from github and replace the files the ones stored locally. The script will not interfere with the data folder where the analysis files reside. Simply execute ./update.sh and you are good to go. The update script will also run the new setup file that’s been downloaded to ensure that the dependencies for the new tools are met.

      After meeting all the requirements. If you run ./mara.sh –help you should see the MARA help menu as shown below.

      All the analysis data and file conversions are stored in the data folder i.e. /MARA_Framework/data/file_name. All the tools included in the Framework can be used standalone, they are all available in the tools folder i.e. /MARA_Framework/tools.

      MARA facilitates the deobfuscation of APK files via apk-deguard.com. You can deobfuscate APKs of any file size without limitations. However, the larger the APK the longer the deobfuscation duration.
      MARA ships with a stand alone deobfuscation script that could come in handy for analyzing individual APK files. Simply run ./deobfusctor.sh and point it the APK you would like to deobfuscate. This feature requires an active internet connection.

      MARA ships with a SSL scanner script that makes use of pyssltest and testssl. The domain SSL scanning component requires an active internet connection. The standalone SSL scanner can be run using the command ./ssl_scanner.sh and follow the instructions displayed.

      The findings from the scan are dumped in the domain scans folder i.e. /MARA_Framework/data/domain_scans/. Please note that pyssltest scanner is intended to be used for scanning domains with SSL enabled. Do not scan IP addresses.

      While analyzing APK files, MARA provides the option of scanning domains found in the apk using the above mentioned tools. This scan runs in the background and can be skipped. In the event the scan is performed, the user is required to tail the two log files i.e pyssltest.log and testssl.log in /MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/.

      • Smali control flow graphs:

      MARA is capable of generating control flow graphs from smali code. This is achieved by utilizing Smali-CFGs. The graph generation is optional and can be time consuming depending on the size of the android app being analyzed. The graphs are stored in two folders i.e. apktool_cfg and baksmali_cfg respectively in the location /MARA_Framework/data/file_name/smali/

      The graph generation runs in the background and you can check its completion by tailing the log files apktool_cfg.log and baksmali_cfg.log in the location mentioned above.

      • Progress monitoring:
        • The analysis data dumped by MARA will be located at data/app_name folder.
        • Where applicable, each space character on the provided file is replaced with a respective underscore character.
        • You can monitor the APK deobfuscation process by tailing data/app_name/source/deobfuscated/deobf.log
        • You can monitor the smali CFG generation by tailing these two files i.e. data/app_name/smali/apktool_cfg.log and data/app_name/smali/baksmali_cfg.log
        • You can monitor the domain ssl scan by tailing these two log files data/app_name/analysis/dynamic/ssl_scan/logs/pyssltest.log and data/app_name/analysis/dynamic/ssl_scan/logs/testssl.log


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      3 Best Free Steganographic Tools For Android

      StegDroid Logo

      StegDroid Alpha is a simple app that you can use to hide text messages inside an audio file. This app also allows you to encrypt those messages with a secret key.

      StegDroid Screenshots

      If you are paranoid about the privacy of your secret communications, you can enable the Paranoid Mode, that will delete all the data when the StegDroid is closed.

      I hope you liked this article. If you did, please share this article… Because sharing is caring…

      And, if you know any good steganographic android apps, please let me know.

      Peace out…


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      Top 7 Best Free Firewall Apps For Android

      You probably know that the Firewall is a controllable barrier between your network and untrusted networks. But did you know that the term “

      ” was borrowed from firefighting and fire prevention where the firewall is a barrier established to prevent the spread of fire?

      The Firewall technology was emerged in the late 1980s, before that time the only network security was the Access Control Lists residing on routers. Unlike today’s Firewalls, the ACLs were not that smart at managing the connections.

      The first type of firewall was the packet filter which blocks the packet if that doesn’t match with the packet filter’s set of filtering rules. This type of packet filtering stores no information about the connection state, it only filters each packet based on information contained in the packet itself.

      I hope now you got a pretty good understanding about the Firewalls. If you want to know more, please refer the following Wikipedia article.

      Now let’s dive into the list….

      The first one on my list is…

      NoRoot Firewall Logo

      If you have read the article titled “Top 17 Antiviruses For Android“, you probably know some apps that has the Firewall feature, and you know it requires root access. But this app doesn’t require root access at all because instead of using superuser privileges, it controls the traffic by creating a local VPN.

      The UI design is simple but good looking. And, It allows you to block apps’ access to a particular connection type which is very useful if you want to block an app from accessing WiFi or Mobile Data.

      NoRoot Firewall Screenshots

      When the Firewall is activated, you will receive notifications if anything wants to connect to or from the internet, and you can allow or deny it.

      It also allows you to create filter rules based on IP address, host name or domain name. That means, you can allow or deny only specific connections of an app.

      If you want the details of previous communications, you can get that from the “ACCESS LOG” tab.

      Note: NoRoot Firewall may not work on LTE because it currently doesn’t support IPv6.

      NetGuard Logo

      Like NoRoot Firewall, this one also doesn’t require root access. But it supports both IPv4 and IPv6. 

      I really like the material designed UI of NetGuard, it’s pretty cool. In the app, you can search for a particular app or sort apps based on their name, UID or data usage.

      NetGuard Screenshots

      NetGuard is not completely free, if you upgrade to the pro version you will be able to view traffic log, filter network traffic, receive new application notifications, see the network speed as a graph in a status bar notification, and change the app’s appearance.

      There are some unique features in this app, they are listed down below.

      • Tethering supported.
      • Multiple device users supported.
      • Optionally allow when screen on.
      • Optionally block when roaming.
      • Optionally block system applications.
      • Optionally notify when an application accesses the internet.
      • Optionally record network usage per application per address.

      DroidWall Logo

      DroidWall is the most popular app in this list. It allows you to manually define custom iptables rules, other than that, it is a simple Firewall app.

      DroidWall Screenshots

      This app requires root access. If your device is not rooted, search for a rooting tutorial on the web because there is no defined way to root all android devices.

      If you want to change the mode, just click on the Mode, it will display two options: White list (allow selected), and Black list (block selected).

      Note: Disable the firewall before uninstalling, otherwise you will need to reboot your device to turn it off.

      AFWall+ Logo

      AFWall+ is a front-end application for the powerful iptables Linux firewall. It requires root access and its looks like the mixture of NetGuard and DroidWall! However, it is very efficient at managing the network traffic. 

      AFWall+ Screenshots

      It also allows you to control traffic within the LAN or while connected through VPN. There are many useful features in this app including LAN support, Tether support, IPV6/IPV4 support, Blocked packets notification, App Lock, DroidWall rules support, and etc.

      Mobiwol Log

      This app works without root access. Like any other Firewall apps, MobiWol can be used to save battery, reduce data usage, and secure your privacy. It also allows you to specify a rule for new applications (allow or block).

      Mobiwol Screenshots

      It always alerts the user when an app tries to access the internet. And the Connection Logs component has a search feature which I find very useful.

      NoRoot Data Firewall Logo

      NoRoot Data Firewall allows you to control and monitor the traffic on non-rooted devices. There are some unique features in this app, one of them is the ability to capture packets.

      NoRoot Data Firewall Screenshot

      You can also protect the app from unauthorized access by enabling the “password protect” feature in this app. If you want to block your device from accessing the internet at night, just enable the “Night Mode” feature.

      Some other useful features of the app:

      • Record, analyze and sort the data usage for each app.
      • Set temp permission for just 1 hour.
      • Domain filter.
      • IP filter.
      • Set DNS server address.

      LostNet NoRoot Firewall Logo

      It is a simple app that you can use to stop all communications that you don’t need. With LostNet NoRoot Firewall, you can block access to those countries that you don’t trust.

      LostNet NoRoot Firewall Screenshot

      It can capture and analyze the packets sent to and from your device. That way, you can check whether your personal info is sent out. The app is also capable of removing traffic to certain ad networks.

      LostNet NoRoot Firewall also allows you to create multiple profiles in order to switch between specific rules for different situations. For example, when children use your device.

      That’s all. I hope you liked the article. If you did, please share this article with your friends and followers. Because sharing is caring….

      Peace out.,..


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      Bytecode Viewer – A Lightweight User Friendly Java Reverse Engineering Suite

      Bytecode Viewer - A Lightweight User Friendly Java Reverse Engineering Suite

      Bytecode Viewer is an advanced yet user friendly Java reverse engineering suite that is equpped with a Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more.

      Also, it is written completely in Java, and it’s open sourced.

      First, download the latest version of BVC (Bytecode Viewer).

      Then run the Bytecode-Viewer-2.9.x.jar.

      You may need to execute it via command line:

      java -jar Bytecode-Viewer-2.9.x.jar

      Remember to replace the X with the current minor version.

      Bytecode Viewer Screenshot

      How To Use Bytecode Viewer

      Run BVC, and then add a jar, class or APK file into the workspace.

      Then, select the file you’d like to view from the workspace.

      BCV will automatically start decompiling the class in the background. When it’s done it will show the Source code, Bytecode and Hexcode of the class file you chose (depending on the View panes you have selected). If you are trying to view a resource BCV will attempt to display it the best it can with code highlighting or by embedding the resources itself.

      Command Line Input:

      -help                               Displays the help menu
      -list                               Displays the available decompilers
      -decompiler             Selects the decompiler, procyon by default
      -i                      Selects the input file (Jar, Class, APK, ZIP, 
                                          DEX all work automatically)
      -o                     Selects the output file (Java or Java-Bytecode)
      -t                Must either be the fully qualified classname 
                                          or "all" to decompile all as zip
      -nowait                             Doesn't wait for the user to read the CLI messages
      


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      Mobile Security Framework (MobSF) – An All-In-One Mobile Application Security Assessment Framework

      Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

      Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

      MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

      Screenshots:

      • Static Analysis – Android
      MobSF Android Static Analysis Screenshot

      Requirements:

      • Mac:
        • Install Git
        • Install Python 3.6 – 3.7 (3.8 is not supported)
        • macOS Catalina users must uninstall existing python3 and install the one from Python.org. After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command
        • Install JDK 8+
        • Install command line tools xcode-select –install
        • Download & Install wkhtmltopdf as per the wiki instructions
        • macOS Mojave users, install headers if available: 

      • Ubuntu/Debian based Linux:
        • Install Git sudo apt get install git
        • Install Python 3.63.7 sudo apt-get install python3
        • Install JDK 8+ sudo apt-get install openjdk-8-jdk
        • Install the following dependencies 

      If you are running MobSF in Windows host, you do not have to configure anything, apart from interacting with the automated installation script for the first time when you run MobSF. However, if you are using a different host OS, you need to configure a Windows VM. Sadly binskim is only available on Windows. So even for static analysis, a Windows VM is required.
      Steps on the Windows-VM:

      • Install the following requirements on the VM
        • Python 3
        • rsa (via python -m pip install rsa)
      • Download the setup.py script and run it
      • There is some manual interaction, but if there are no errors, everything is good and the RPC-Server should be running.

      Remember: Use separate Windows-VM for MobSF and don’t expose it to a network range where an attack might be coming from. The best solution is to set it to host-only mode.

      • To integrate a Windows-VM into MobSF, please follow these steps. 
        • Get the IP of you VM and set in the MobSF/settings.py-File (search for WINDOWS_VM_IP)
        • (If not yet done:) Copy the private rsa key from the vm to MobSF

      If you see errors like this:

      MobSF setup script assume that your VM or host Windows box have a C Drive and you have all the permissions to perform read/write operations in C:MobSF. This error occurs if you don’t have proper read/write permissions.

      IMPORTANT:

      • Set JAVA_HOME environment variable.
      • iOS IPA Analysis works only on Mac, Linux and Docker containers.

      Dynamic Analysis:

      • Dynamic Analysis will not work if you use MobSF docker container or setup MobSF inside a Virtual Machine.
      • Install Genymotion

      Installation:

      Tested on Windows 10, Ubuntu (18.04, 19.04) , macOS Catalina

      IMPORTANT: Windows users, before running setup.bat close any opened folders of MobSF or text editors with MobSF opened. Either of these can interrupt the setup by causing permission errors.

      Running MobSF

      • For Linux and Mac: ./run.sh
      • For Windows: run.bat

      You can navigate to http://localhost:8000/ to access MobSF web interface.

      Configuring Dynamic Analyzer

      Dynamic analysis using a real mobile phone is not supported.

      Run a Genymotion Android VM before starting MobSF. Everything will be configured automatically at runtime. MobSF requires Genymotion Android x86 VMs version 4.1 to 9.0 for dynamic analysis. We recommend using Android 7.0 and above.

      Android versions 5 and above are automatically MobSFyed on first run. For Android versions less than 5, you must MobSFy the Android Runtime prior to Dynamic Analysis for the first time. Click MobSFy Android Runtime button in Dynamic Analysis page to MobSFy the android runtime environment.


      HTTPS Proxy

      • For Android versions 4.4 – 9.0, global proxy settings are automatically applied at runtime.
      • For Android version 4.1 – 4.3, set Android VM proxy as displayed in Dynamic Analysis page.

      If Dynamic Analyzer doesn’t detect your android device, you need to manually configure ANALYZER_IDENTIFIER in MobSF/settings.py. Example: ANALYZER_IDENTIFIER = ‘192.168.56.101:5555’. You can find the Android Device IP from the Genymotion title bar and the default port is 5555.

      MobSF Docker Container

      Lazy to setup MobSF? Use the latest MobSF docker image (Dynamic Analysis is not supported)

      MobSF e-Learning Courses & Certification

      We have 2 self paced e-learning courses that covers MobSF and other Android Security tools.

      • OpSecX – Automated Mobile Application Security Assessment with MobSF – MAS (Currently being updated)
      • OpSecX – Android Security Tools Expert – ATX

      Updating MobSF

      If you are updating MobSF, In most cases you might have to perform database migrations or you will see errors such as

      Run the below command to migrate your db

      If the above changes didn’t work, you might have to run setup.sh or setup.bat again which will delete your previous scan results.

      APKiD

      APKiD is enabled by default. To disable it, set APKID_ENABLED to False in MobSF/settings.py.

      VirusTotal Scan

      VirusTotal Scan is disabled by default. You need to add your VirusTotal API Key before enabling it.

      AppMonsta Android Play Store Information

      We use AppMonsta API to fetch details from Google Play Store as a fail safe to our primary implementation. It is disabled by default. To enable it, you need AppMonsta API Key.

      • Get AppMonsta API Key from: AppMonsta API Key
      • In MobSF/settings.py, add your API Key to APPMONSTA_KEY and restart MobSF.

      Mass Static Analysis

      MobSF supports mass static analysis. Here is how to run a mass static analysis:

      • Run mass_static_analysis.py

      Example: python mass_static_analysis.py -s 127.0.0.1:8000 -d /home/files/ 

      Using Postgres DB instead of SQLite:

      Install psycopg2: pip3 install psycopg2-binary

      Go to MobSFsettings.py

      Comment the following:

      Now uncomment the following:

      Create a database in Postgres named mobsf and configure the above settings with correct username, password and other details.

      Apply Migrations:

      Now you can start MobSF server and you have successfully configured Postgres as your database.

      If you want all user uploads, downloads and user configurations to be created in home directory, enable home directory support:

      To provide personalized version of MobSF to multiple users on an OS or to bundle MobSF with a pentesting distro you might need the home directory support enabled.

      To enable Home Directory support, go to settings.py and set USE_HOME to True.


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      10 Best Free Proxy/VPN Apps For Android 2020

      Best Free Proxy/VPN Apps



      Today you are going to see 10 best proxy/VPN apps for android:

      Before diving into the list, let me ask you a question: what is a proxy? If you don’t know, no need to worry, I will tell you what it is (Trust me, no boring stuff here).

      A proxy is actually another device/computer that acts as an intermediary between your device and the rest of the internet. If your computer is connected to a proxy server, your requests to access any server on the internet will be processed by the proxy server. That means there will be no direct connection between your computer and the service/website you are accessing.

      If you still don’t get the concept, let me tell you a real life example:

      Let’s assume, you are not allowed to visit a particular country, let’s say “France”, and you want to go there and grab some stuffs. What do you do? You will probably assign another person who has no restriction to visit France to grab those things for you, right? That person is actually doing the same work of a proxy server.

      Got it? I hope you did.

      Update: I have also included best proxy apps for iPhone, Windows, and Chrome in this article. You can use the below links to go there:

      Now, let’s dive into the list.

      Note: This list is completely based on the quality of service, bandwidth, and play store ratings. All the apps in this list can work without root access.

      Touch VPN -Free Unlimited VPN Proxy & WiFi Privacy Infographic

      Touch VPN is a completely free VPN app. There is no trial, premium or freemium. It is 100% free. And what I most like about the Touch VPN is that it has a very simple and clean user interface.

      It is powered by one of the most trusted VPN provider – Hotspot Shield.

      Screenshots:

      Touch VPN -Free Unlimited VPN Proxy & WiFi Privacy Screenshots

      Currently, Touch VPN has VPN Servers in Australia, Brazil, Canada, Czech Republic, Denmark, France, Germany, Hong Kong, India, Indonesia, Ireland, Italy, Japan, Mexico, Netherlands, Norway, Russia, Singapore, South Africa, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and United States.

      Free VPN Unlimited Proxy - Proxy Master Infographic

      Proxy Master is not a completely free app, but you can use it for free with ads.

      By default, all the app traffic goes through the proxy while it is connected, But if you want to use some apps without the proxy, you can also do that, all you have to do is, tap on “Set Proxy” and then deselect the apps.

      Screenshots:

      Free VPN Unlimited Proxy - Proxy Master Screenshots

      Server locations are US Los Angeles, US New York, Singapore, Russia, Netherlands, India, United Kingdom, France, Spain, German, Canada, and Australia.

      FlashVPN Free VPN Proxy Infographic

      FlashVPN is a simple app. It offers 5 different servers, but I found that the “Singapore” option doesn’t really connect to a Singapore server but connects to a US server. Apart from that everything works very well.

      FlashVPN Free VPN Proxy Screenshots
      VPN Proxy Free App Infographic

      VPN Proxy is a good service that allows you to use 21 different proxy servers for free. But, the connection has a limit, it will only last for one hour. After that, you will be asked to reconnect. If you don’t want to break the connection, when the app notifies you that the connection is going to end in 10 minutes, you should open the app, and then click on “RESET“, an ad will play for a few seconds and then reward you with 60 more minutes.

      VPN Proxy Free App Screenshots

      Server locations are Bulgaria, Canada, Czech Republic, France, Germany, Hong Kong, Ireland, Italy, Lithuania, Luxembourg, Latvia, Netherlands, Romania, Russian Federation, Singapore, South Africa, Sweden, Switzerland, Ukraine, United Kingdom, and the United States.

      VPN Easy Infographic

      VPN Easy provides 27 different VPN servers for free. By default, your browser and the Play Store are added to the app, but if you want to add more apps, all you have to do is, tap on the “Add” button and then select the apps from the list.

      Screenshots:

      VPN Easy Screenshots

      Server locations are France, Netherlands, Germany, US Central, US Central, US West, US East, US South, Canada, Italy, Russia, Ukraine, Poland, Spain, Bulgaria, Norway, Austria, Denmark, Belgium, Luxemburg, Lithuania, Ireland, Hungary, Malaysia, Vietnam, India, and South Korea.

      GO VPN Free unlimited proxy Infographic

      VPN Master is not a completely free VPN app, but you can use 12 different high-speed VPN servers for free. It is very easy to use, all you have to do is, open the app and then select a server.

      Screenshots:

      GO VPN Free unlimited proxy Screenshots

      Free server locations are Canada (2), France (2), India (2), Nederland (2), United Kingdom(2), United States(2).

      Note: P2P traffic is not allowed.
      Turbo VPN – Unlimited Free VPN Infographic

      Turbo VPN is a simple app that provides 7 High-speed VPN servers for free. If you want faster servers and more options, you have to buy the VIP pack.

      Free server locations are India, Singapore, Germany, Netherlands, United Kingdom, Canada, and United States.

      Screenshots:

      Turbo VPN – Unlimited Free VPN Screenshots

      Note: This service cannot be used in China.

      Free VPN Proxy - Bypass blocked website Infographic

      Free VPN Proxy offers over 160 servers for free. It is a completely free app, there are no hidden charges. The user interface reminds me of Windows XP, in a good way!

      If you want a high-speed connection, you should select a VPN server which has low ping time (<100ms) and minimum total users (use the sort feature).

      Screenshots:

      Free VPN Proxy - Bypass blocked website Screenshots

      Totally Free VPN Infographic

      Totally Free VPN allows you to connect to more than 100 VPN servers for free. It is completely free. The user interface is very simple and straightforward.

      Screenshots:

      Totally Free VPN Screenshots

      The app allows you to search and sort by multiple attributes.

      Note: For higher success connection rate sort by “Score” in descending order.

      Ultrasurf (beta) - Unlimited Free VPN Proxy Infographic

      Ultrasurf is free, No registrations, No bandwidth limitations, No Ads!

      It has a simple user interface, very easy to use, and it supports proxies (HTTP and Socks).

      Screenshots:

      Ultrasurf (beta) - Unlimited Free VPN Proxy Screenshots

      Best Proxy Apps For iPhone Users:

      Best Proxy Apps For Windows PC:

      Best Proxy Apps For Chrome:

      Best Proxy Apps For Windows Phone:


      That’s all. I hope you liked the list. If you did, feel free to share this article.

      If you know any proxy apps (best proxy apps), let us know in the comment section below.

      See ya..


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

      APKTool – A Tool for Reverse Engineering Android APK Files

      APKTool - A Tool for Reverse Engineering Android APK Files

      APKTool is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc.

      Note: It is NOT intended for piracy and other non-legal uses. It could be used for localizing, adding some features or support for custom platforms and other GOOD purposes. Just try to be fair with authors of an app, that you use and probably like.

      Features

      • Disassembling resources to nearly original form (including resources.arsc, classes.dex, 9.png. and XMLs)
      • Rebuilding decoded resources back to binary APK/JAR
      • Organizing and handling APKs that depend on framework resources
      • Smali Debugging (Removed in 2.1.0 in favor of IdeaSmali)
      • Helping with repetitive tasks

      Requirements

      • Java 8 (JRE 1.8)
      • Basic knowledge of Android SDK, AAPT and smali

      How To Install APKTool

      • Windows:
        • Download Windows wrapper script (Right click, Save Link As apktool.bat).
        • Download apktool.
        • Rename downloaded jar to apktool.jar.
        • Move both files (apktool.jar & apktool.bat) to your Windows directory (Usually C://Windows).
        • If you do not have access to C://Windows, you may place the two files anywhere then add that directory to your Environment Variables System PATH variable.
        • Try running apktool via command prompt.
      • Linux:
        • Download Linux wrapper script (Right click, Save Link As apktool).
        • Download apktool.
        • Rename downloaded jar to apktool.jar.
        • Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
        • Make sure both files are executable (chmod +x).
        • Try running apktool via cli.
      • Mac OS X:
        • Download Mac wrapper script (Right click, Save Link As apktool).
        • Download apktool.
        • Rename downloaded jar to apktool.jar.
        • Move both files (apktool.jar & apktool) to /usr/local/bin (root needed).
        • Make sure both files are executable (chmod +x).
        • Try running apktool via cli.

      Note: Wrapper scripts are not needed, but helpful so you don’t have to type java -jar apktool.jar over and over.

      How to Build APKTool from Source

      APKTool is a collection of 1 project, containing sub-projects and a few dependencies.

      • brut.apktool.lib – (Main, all the Library code)
      • brut.apktool.cli – The cli interface of the program
      • brut.j.dir – Utility project
      • brut.j.util – Utility project
      • brut.j.common – Utility project

      Requirements:

      • JDK8 (Oracle or OpenJDK)
      • git

      Build Steps:

      • First clone the repository.
        • git clone git://github.com/iBotPeaches/Apktool.git
        • cd Apktool
        • For steps 3-5 use ./gradlew for unix based systems or gradlew.bat for windows.
        • [./gradlew][gradlew.bat] build shadowJar – Builds Apktool, including final binary.
        • Optional (You may build a Proguard jar) [./gradlew][gradlew.bat] build shadowJar proguard

      After build completes you should have a jar file at:
      ./brut.apktool/apktool-cli/build/libs/apktool-xxxxx.jar

      Windows Requirements

      Windows has some limitations regarding max filepath. At one location in APKTool, there is a 218 character directory path which means due to the limitation of max 255 characters on Windows we need to enforce some requirements.

      This leaves 37 characters total to clone the project on Windows. For example, we can clone this project to the location.

      This is 31 characters, which allows APKTool to be cloned properly. Cloning the project into a directory longer than 37 characters will not work.

      You might also like:

      • Bluto – DNS Recon, Brute Forcer, DNS Zone Transfer, DNS Wild Card Checks, DNS Wild Card Brute Forcer, Email Enumeration, Staff Enumeration, and Compromised Account Checking
      • ARDT – Akamai Reflective DDoS Tool
      • Sonar.js – A Framework for Identifying and Launching Exploits Against Internal Network Hosts
      • CredCrack – A Fast and Stealthy Credential Harvester
      • SPF – SpeedPhishing Framework
      • King Phisher – Phishing Campaign Toolkit
      • D-Link Password Decryptor – Tool for Recovering Passwords from D-Link Modems/Routers
      • Kadimus – Local File Inclusion (LFI) Scan & Exploit Tool
      • SNMPBrute – Fast SNMP Brute Force, Enumeration, CISCO Config Downloader and Password Cracking Script
      • Egresser – Client/Server Scripts Designed To Test Outbound Firewall Rules
      • OnionShare – Tool For Sharing Files Securely and Anonymously (Windows, Linux, Mac OS X)
      • Pyrasite – Tools for Injecting Code Into a Running Python Process
      • Dumb0 – Simple Script To Harvest Usernames From Popular Forums and CMS
      • iGoat – A Deliberately Insecure iOS Application


      Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.