freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy


Java Android Magisk Burp Objection Root Emulator Easy (JAMBOREE)

Get a working portable Python/Git/Java environment on Windows in SECONDS without local administrator rights, regardless of your broken Python environment. Our open-source script downloads directly from proper sources and ships without any binaries. While the code may not be perfect, it includes many useful PowerShell tricks.

  • Run Android apps and pentest without the adware and malware of BlueStacks or NOX.
  • Run the BloodHound Active Directory auditing tool.
  • AUTOMATIC1111 Stable Diffusion web UI: a browser interface based on the Gradio library for Stable Diffusion.
  • AutoGPT ( Setup for pay-as-you-go gpt3-turbo https://platform.openai.com/account/usage )

How it works:

  • Temporarily resets your Windows $PATH environment variable to fix any issues with existing Python/Java installations.
  • Builds a working Python environment in seconds using a tiny 16 meg nuget.org Python binary and PortableGit. Our solution doesn't require a package manager like Anaconda.

I would like to make it even easier to use, but I don't want to spend more time developing it if nobody is going to use it! Please let me know if you like it and open bugs/suggestions/feature requests etc!


Requirements:

  • Local admin just to install Android AVD Driver:

HAXM Intel driver ( https://github.com/intel/haxm )

OR

AMD ( https://github.com/google/android-emulator-hypervisor-driver-for-amd-processors )

Usage:

Put the .ps1 file in a folder WITH NO SPACES in its path ( true portability is WIP; for now the path must stay the same )
Right-click the file and choose Run with PowerShell

OR

From command prompt (NO SPACES IN THE PATH)

powershell -ExecutionPolicy Bypass -Command "[scriptblock]::Create((Invoke-WebRequest "https://raw.githubusercontent.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy/main/JAMBOREE.ps1").Content).Invoke();"
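
Added example (not part of the JAMBOREE project): a reviewable alternative to the one-liner above, which executes whatever the main branch serves at that moment. It saves the script to disk, prints its SHA-256 and the hosts it references, and runs it only when the hash matches one you recorded after reading it; the C:\Tools\JAMBOREE folder and the $PinnedSha256 placeholder are assumptions.

```powershell
# Added example: fetch JAMBOREE.ps1 to disk, pin it by SHA-256, then run the reviewed copy.
$Url          = 'https://raw.githubusercontent.com/freeload101/Java-Android-Magisk-Burp-Objection-Root-Emulator-Easy/main/JAMBOREE.ps1'
$WorkDir      = 'C:\Tools\JAMBOREE'              # assumed folder; the README requires a path with no spaces
$ScriptPath   = Join-Path $WorkDir 'JAMBOREE.ps1'
$PinnedSha256 = '<SHA256-RECORDED-AFTER-REVIEW>' # placeholder: fill in after you have read the script

if ($WorkDir -match '\s') { throw "Path contains spaces: $WorkDir" }
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# Download to a file instead of straight into a scriptblock, so there is something to review.
Invoke-WebRequest -Uri $Url -OutFile $ScriptPath -UseBasicParsing

$actual = (Get-FileHash -Path $ScriptPath -Algorithm SHA256).Hash
Write-Host "SHA256 of downloaded script: $actual"

# List every distinct host the script references, to check the README's claim
# that tools are pulled directly from their proper sources.
Write-Host 'Hosts referenced by the script:'
Select-String -Path $ScriptPath -Pattern 'https?://([^/\s"''<>):]+)' -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Groups[1].Value.ToLower() } |
    Sort-Object -Unique

# Stop here until a reviewed hash has been pinned.
if ($PinnedSha256 -notmatch '^[0-9A-Fa-f]{64}$') {
    Write-Warning "No pinned hash set. Review $ScriptPath, then copy the hash above into `$PinnedSha256."
    return
}
if ($actual -ne $PinnedSha256) {
    throw 'Hash mismatch: the script changed since it was reviewed. Re-read it before running.'
}

# Run the reviewed copy in a child process; the policy bypass applies to that process only.
powershell.exe -NoProfile -ExecutionPolicy Bypass -File $ScriptPath
```

Save this as its own .ps1 file and run it from a folder with no spaces in the path; a new upstream commit changes the hash, so the script has to be re-read before the pin is updated.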

More information on bypassing root detection and SafetyNet: https://www.droidwin.com/how-to-hide-root-from-apps-via-magisk-denylist/

( Watch the video tutorial below; it's a 3-5 min process. You only have to set up once. After that, start Burp, then start the AVD. )

Burp/Android Emulator (Video Tutorial )

https://youtu.be/G1Iv-OoacpQ


Burp Proxy/ZAP Proxy


Burp Crawl Config

Included: %USERPROFILE%\AppData\Roaming\BurpSuite\ConfigLibrary_JAMBOREE_Crawl_Level_01.json. The "Headed" browser is no longer supported.

Example Objection / Frida


Status of Automation Script

Core                                                    Status
AUTOMATIC1111                                           ✔
AutoGPT                                                 ✔
Bloodhound                                              ✔
Brida, Burp to Frida bridge                             ✘
SafetyNet+ Bypass                                       ✘
Burp Suite Pro / CloudFlare UserAgent Workaround-ish    ✔
ZAP Using Burp                                          ✔
Google Play                                             ✔
Java                                                    ✔
Android 11 API 30                                       ✔
Magisk                                                  ✔
Burp                                                    ✔
Objection                                               ✔
Root                                                    ✔
Python                                                  ✔
Frida                                                   ✔
Certs                                                   ✔

Credit

Rogdham/python-xz#4 for xz extraction in Python!!!

https://github.com/newbit1/rootAVD RootAVD

Bloodhound-Portable Bloodhound Portable

Six Degrees of Domain Admin


Useful cypher queries and links

The BloodHound 4.3 Release Get Global Admin More Often.mp4 20230418

https://www.google.com/search?q=%22shortestPath%22+%22bloodhound%22+site:github.com

https://github.com/drak3hft7/Cheat-Sheet---Active-Directory

https://gist.github.com/jeffmcjunkin/7b4a67bb7dd0cfbfbd83768f3aa6eb12

https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/

https://github.com/BloodHoundAD/BloodHound/wiki/Cypher-Query-Gallery

https://risky.biz/soapbox74/

Slack

https://bloodhoundhq.slack.com ( not sure how to get invite )

BloodHound Portable for Windows (You can run this without local admin. No Administrator required)

Presentation

Usage

  1. Download the .ps1 script
  2. Click the SharpHound button as a normal domain user. Alternatively, you can use Runas.exe inside a VM under a domain user context with runas /netonly /user:"US.COMPANY.DOMAIN.COM\USERNAME@COMPANY.COM" cmd or try /user:"DOMAIN\USERNAME" to run SharpHound.exe
  3. Click Neo4j to start the database
  4. Wait for Neo4j to start, then change the default Neo4j password. You must change the password at http://localhost:7474
  5. Click the BloodHound button to start BloodHound
  6. Import the .zip of JSON files from the output of SharpHound.exe -s --CollectionMethods All --prettyprint true

Parse SharpHound output: Pretty_Bloodhound.py ( not needed, they fixed it )

** You may need to whitelist or disable Bloodhound/Sharphound in your Endpoint Security Software ( Or just obfuscate it if you're lucky... Resource Hacker or echo '' >> Sharphound.exe etc ... ) **

** Last tested Bloodhound 4.1.0 **


Credit: https://bloodhound.readthedocs.io/en/latest/_images/SharpHoundCheatSheet.png


References/Unsorted:

https://www.droidwin.com/how-to-hide-root-from-apps-via-magisk-denylist/

https://github.com/Fox2Code/FoxMagiskModuleManager/releases

https://forum.xda-developers.com/attachments/magiskhidepropsconf-v6-1-2-zip.5453567/

https://github.com/whalehub/custom-certificate-authorities

https://github.com/NickstaDB/patch-apk/archive/refs/heads/master.zip

https://payatu.com/blog/amit/android_pentesting_lab

https://medium.com/@pranavggang/ssl-pinning-bypass-with-frida-framework-6fb71ca43e33

https://joshspicer.com/ssl-pinning-android

https://www.youtube.com/watch?v=JR4gDRYzY2c

https://forum.xda-developers.com/t/script-rootavd-root-your-android-studio-virtual-device-emulator-with-magisk-android-12-linux-darwin-macos-win-google-play-store-apis.4218123/page-9

https://www.studytonight.com/post/intercept-android-app-traffic-in-burp-suite-from-root-to-hack-ultimate-guide

https://markuta.com/magisk-root-detection-banking-apps/

CERT Install

https://www.youtube.com/watch?v=Ml2GIRNIstI

https://www.youtube.com/watch?v=KL1jUvNSL94

https://www.youtube.com/watch?v=Jg4hyZfFTdc

https://systemweakness.com/how-to-install-burp-suite-certificate-on-an-android-emulator-bb2972ba188c

PINNING

https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting

NOTES

https://gist.github.com/Pulimet/5013acf2cd5b28e55036c82c91bd56d8
