Install InsecureBank in Kali Linux

This vulnerable Android application, named “InsecureBankv2”, is made for security enthusiasts and developers to learn about Android insecurities by testing it. Its back-end server component is written in Python and is compatible with Python 2.

The vulnerabilities currently included in this release are:

  • Flawed Broadcast Receivers
  • Intent Sniffing and Injection
  • Weak Authorization mechanism
  • Local Encryption issues
  • Vulnerable Activity Components
  • Root Detection and Bypass
  • Emulator Detection and Bypass
  • Insecure Content Provider access
  • Insecure Webview implementation
  • Weak Cryptography implementation
  • Application Patching
  • Sensitive Information in Memory
  • Insecure Logging mechanism
  • Android Pasteboard vulnerability
  • Application Debuggable
  • Android keyboard cache issues
  • Android Backup vulnerability
  • Runtime Manipulation
  • Insecure SDCard storage
  • Insecure HTTP connections
  • Parameter Manipulation
  • Hardcoded secrets
  • Username Enumeration issue
  • Developer Backdoors
  • Weak change password implementation

Many of my online students have reported difficulty setting up InsecureBank, especially with the prerequisite web.py. The common mistake is trying to install web.py on Python 3. Remember that web.py is available only on Python 2 and InsecureBank supports only a Python 2 environment. Hence I have written this article to explain how to set up the prerequisites successfully and get the app running.

STEP 1: Install InsecureBank App

  • Download the InsecureBank archive from here
  • Unzip it to the InsecureBank folder

# unzip -d InsecureBank Android-InsecureBankv2-master.zip

  • Install the app on the Android emulator (Genymotion)

# cd InsecureBank

# adb install InsecureBankv2.apk

STEP 2: Setup AndroLab Server

The AndroLab back-end server is Python 2 based and does not run on Python 3, because one of its prerequisites, web.py, is designed for Python 2.x only. It does not work on Python 3, and you will get an error similar to the one below if you try.

web.py installation fails with exit status 1: print “var”, var is Python 2 syntax, which does not work in Python 3.

Install Python2

# sudo apt install python-pip

This command installs Python 2, pip and all dependencies.

Verify Python2 installation

# python --version

# pip2 --version

Install AndroLab prerequisites

# pip2 install flask

# pip2 install flask-sqlalchemy

# pip2 install simplejson

# pip2 install cherrypy

# pip2 install web.py

Start AndroLab

# python2.7 app.py

The output shows that the server has started successfully and is running on port 8888.
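The Python 3 mistake described above can be caught before starting the server. The following preflight check is an added example, not part of InsecureBank or the original article; the function names are hypothetical, and the module list assumes the usual import names for the pip packages above (flask-sqlalchemy imports as flask_sqlalchemy, web.py as web).

```shell
#!/bin/sh
# Added example: preflight check for the AndroLab back-end prerequisites.
# Assumption: import names of the pip packages installed in this article
# (flask-sqlalchemy -> flask_sqlalchemy, web.py -> web).
ANDROLAB_MODULES="flask flask_sqlalchemy simplejson cherrypy web"

# Print the major version of an interpreter, e.g. "2" for "Python 2.7.18".
# Python 2 writes its --version output to stderr, so stderr is merged in.
py_major() {
    "$1" --version 2>&1 | sed -n 's/^Python \([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Print the required modules that the given interpreter cannot import.
missing_modules() {
    missing=""
    for mod in $ANDROLAB_MODULES; do
        "$1" -c "import $mod" >/dev/null 2>&1 || missing="$missing $mod"
    done
    echo "$missing" | sed 's/^ //'
}

# Return 0 only when the interpreter is Python 2 and every module imports.
androlab_preflight() {
    interp="$1"
    if ! command -v "$interp" >/dev/null 2>&1; then
        echo "FAIL: $interp not found" >&2
        return 1
    fi
    major=$(py_major "$interp")
    if [ "$major" != "2" ]; then
        echo "FAIL: $interp is Python ${major:-unknown}; AndroLab needs Python 2" >&2
        return 1
    fi
    missing=$(missing_modules "$interp")
    if [ -n "$missing" ]; then
        echo "FAIL: missing modules under $interp: $missing" >&2
        return 1
    fi
    echo "OK: $interp is Python 2 with all AndroLab modules; run: $interp app.py"
}
```

Source the file and call androlab_preflight python2.7 from the directory that contains app.py; a non-zero return means the interpreter or one of the modules still needs fixing.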

STEP 3: Configure InsecureBank App

  • Find the IP address of Kali Linux

# ifconfig

The IP address of my Kali Linux machine is 192.168.100.15.

  • In the Android emulator, open the InsecureBank app and press the 3 dots at the top right of the app.
  • Open Preferences, type the Server IP as 192.168.100.15, keep the port as 8888, then Submit.
  • Log in to the app with the default credentials of dinesh/Dinesh@123$

Here is a useful video tutorial of what I have explained so far.