This repository has been archived by the owner on Feb 5, 2019. It is now read-only.

Getting Started

jackMannino edited this page Sep 25, 2012 · 3 revisions

GoatDroid is fully self-contained and doesn't require any external components except the Android SDK and, if you wish to work directly from source code, an IDE. It uses embedded Jetty to host the web services and an embedded Derby database implementation.

GoatDroid is composed of the following components:

  • GUI application used to present information, interact with the SDK and control the web services
  • Android applications containing horrifically vulnerable code
  • Embedded Jetty web server
  • Embedded Derby database

After you download and unzip GoatDroid, getting up and running should be fast and straightforward. The following steps outline the process for initial setup:

  1. In the root of the GoatDroid folder, launch goatdroid-gui.jar
  2. Launch Configuration -> Edit Configuration
  3. Set your AVD path to the path where your Android virtual devices folder is located
  4. Set your SDK path to the root folder of where your SDK is located
  5. Optionally, set the web service listening port. The defaults are 8888 for HTTP and 9888 for HTTPS.

To proceed, you must have an Android virtual device or an actual Android device plugged into your computer. To create a virtual device, follow the steps listed here: http://developer.android.com/tools/devices/index.html

Now that you have the basic environment configured, it's time to get the apps up and running:

  1. Within the GoatDroid GUI, select an app and then press the "Start Web Service" button
  2. Start a virtual device using the GUI option, command line, or by plugging in an actual Android device
  3. Push the app of your choice either by using the GoatDroid GUI option or by using the following command: ./adb install <path.to.app>/package.apk
  4. Launch the application
  5. Press the menu button and select Destination Info
  6. Enter the IP address of the host where the web service is listening, which should be your computer's IP address. This is not 127.0.0.1: on the device or emulator, that address refers to the device itself. The default port is 9888 for HTTPS.
  7. Optionally, configure the IP address for a proxy. If you wish to use an intercepting proxy to test the web services, you will want to use this.
  8. Now, log into the application with the default credentials. In most GoatDroid apps, you may be able to register for new accounts as well.
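
The checks below cover the two places this procedure most often goes wrong: a loopback Destination Info address and a device that adb cannot install to. This is an added example, not part of GoatDroid; the function names, the 192.168.1.20 address and the sample `adb devices` output are constructed, and only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: preflight for the GoatDroid setup steps. Sample data is constructed.

# Accept only a dotted-quad IPv4 address that is not loopback or unspecified.
# Inside the emulator or phone, 127.0.0.1 is the device itself, not the host.
valid_destination() {
    case "$1" in
        ""|127.*|0.0.0.0|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Read `adb devices` output on stdin and print how many entries are in the
# "device" state; "offline" and "unauthorized" entries cannot take an install.
ready_devices() {
    awk 'NF == 2 && $2 == "device" { n++ } END { print n + 0 }'
}

# preflight HOST_IP PORT < adb-devices-output; returns non-zero on a blocker.
preflight() {
    rc=0
    valid_destination "$1" || { echo "FAIL: '$1' is loopback or not an IPv4 address"; rc=1; }
    case "$2" in
        8888|9888) ;;  # defaults given on this page (HTTP / HTTPS)
        *) echo "NOTE: port $2 is not a default; it must match Edit Configuration" ;;
    esac
    [ "$(ready_devices)" -ge 1 ] || { echo "FAIL: no attached device is ready"; rc=1; }
    return "$rc"
}

# Constructed sample of `adb devices` output (one emulator, one locked phone).
SAMPLE_ADB=$(printf 'List of devices attached\nemulator-5554\tdevice\n0123456789ABCDEF\tunauthorized\n')

# Constructed host address; on a real setup pipe `./adb devices` in instead.
if printf '%s\n' "$SAMPLE_ADB" | preflight 192.168.1.20 9888; then
    echo "OK: start the web service, then: ./adb install <path.to.app>/package.apk"
fi
```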