EVABS : An Open Source Android Application That Is Intentionally Vulnerable

EVABS is an open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.

The effort is to introduce beginners with very limited or zero knowledge to some of the major and commonly found real-world based Android application vulnerabilities in a story-based, interactive model.

EVABS follows a level-wise difficulty approach and in each level, the player learns a new concept. This project is still under progress and aims at incorporating as many levels as possible.

Also Read – IPRotate : Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request

INSTALLATION

Download the application file (apk).
Install it in an Android device (rooted recommended) or emulator.

REQUIREMENTS

Android Emulator (Default/Genymotion) or a rooted Android device.
FRIDA
ADB
apktool
dex2jar

or use ADHRIT (all-in-one tool)

Confused? Read the documentation on setting up the environment.

CHANGE LOG

Flag checking module added within EVABS.
Alternatively, you can use this link to submit flags from your browser.
UI improvements

BUILDING LOCALLY

Clone the repository git clone https://github.com/abhi-r3v0/EVABS.git or download the zip.
Create a new folder EVABS in your “AndroidStudioProjects“` directory and move the contents to the new directory.
Fire up Android Studio, File -> open and select the project.
Go to Build -> Generate Signed APK.
Create a new signature, if it doesn’t exist. Sign the APK.
Install the APK using adb install EVABS.apk