> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
> Use this file to discover all available pages before exploring further.

# ADB: Android Debug Bridge

> ADB command reference for Android pentesting: device management, file transfer, shell access, app analysis, and traffic interception setup.

## Overview

ADB (Android Debug Bridge) is the primary interface for interacting with Android devices and emulators. For pentesters, it enables shell access, APK extraction, log capture, port forwarding, and app manipulation.

Requires USB Debugging enabled on the device (Settings → Developer Options → USB Debugging).

***

## Connect

**USB:**

```bash theme={"dark"}
adb devices
```

**TCP/IP (Wi-Fi):**

```bash theme={"dark"}
# First connect via USB, then switch to TCP
adb tcpip 5555
adb connect <DEVICE-IP>:5555
adb disconnect
```

**Emulator:**

```bash theme={"dark"}
adb -e shell        # emulator only
adb -d shell        # physical device only
adb -s <SERIAL> shell  # specific device by serial
```

***

## Shell

```bash theme={"dark"}
adb shell                        # interactive shell
adb shell <command>              # single command
adb shell su                     # root shell (rooted device)
```

***

## App Management

**List packages:**

```bash theme={"dark"}
adb shell pm list packages               # all
adb shell pm list packages -3            # third-party only
adb shell pm list packages | grep <name>
```

**Get APK path:**

```bash theme={"dark"}
adb shell pm path <package.name>
```

**Pull APK from device:**

```bash theme={"dark"}
adb pull /data/app/<package.name>-<hash>/base.apk ./target.apk
```

**Install / uninstall:**

```bash theme={"dark"}
adb install target.apk
adb install -r target.apk        # reinstall (keep data)
adb uninstall <package.name>
```

**Start / stop app:**

```bash theme={"dark"}
adb shell am start -n <package>/<activity>
adb shell am force-stop <package.name>
```

***

## File Transfer

```bash theme={"dark"}
adb pull /sdcard/file.txt ./             # device → host
adb push ./file.txt /sdcard/             # host → device
```

Common paths:

| Path                | Contents                         |
| ------------------- | -------------------------------- |
| `/sdcard/`          | External storage                 |
| `/data/data/<pkg>/` | App private data (root required) |
| `/data/local/tmp/`  | World-writable temp dir          |

***

## Logs

```bash theme={"dark"}
adb logcat                               # all logs
adb logcat -s <TAG>                      # filter by tag
adb logcat | grep -i <package>           # filter by package name
adb logcat -d > logcat.txt              # dump and exit
adb logcat -c                           # clear log buffer
```

***

## Port Forwarding

Forward traffic from host to device, useful for connecting Burp Suite to the emulator proxy or accessing services on the device:

```bash theme={"dark"}
adb forward tcp:<HOST-PORT> tcp:<DEVICE-PORT>
adb forward tcp:8080 tcp:8080
```

Reverse forward (device → host):

```bash theme={"dark"}
adb reverse tcp:<DEVICE-PORT> tcp:<HOST-PORT>
adb reverse tcp:8080 tcp:8080
```

***

## Traffic Interception Setup (Burp Suite)

**Step 1: Push Burp CA to device:**

```bash theme={"dark"}
# Export DER from Burp → convert to PEM
openssl x509 -inform der -in burp.der -out burp.pem

# Get the hash filename Android expects
openssl x509 -inform PEM -subject_hash_old -in burp.pem | head -1
# Example output: 9a5ba575

mv burp.pem 9a5ba575.0

# Push to system trusted store (root required)
adb push 9a5ba575.0 /sdcard/
adb shell
su
mount -o rw,remount /system
cp /sdcard/9a5ba575.0 /system/etc/security/cacerts/
chmod 644 /system/etc/security/cacerts/9a5ba575.0
```

**Step 2: Set proxy on device:**

Settings → Wi-Fi → Long press network → Modify Network → Advanced → Proxy Manual → set Burp host/port.

Or via ADB:

```bash theme={"dark"}
adb shell settings put global http_proxy <BURP-IP>:8080
# Remove proxy
adb shell settings delete global http_proxy
```

***

## Filesystem / App Data

```bash theme={"dark"}
# List app data directory (root required)
adb shell ls /data/data/<package.name>/

# Pull entire app data
adb pull /data/data/<package.name>/ ./app-data/

# Shared preferences (often stores tokens/flags)
adb shell cat /data/data/<package.name>/shared_prefs/<name>.xml

# SQLite databases
adb pull /data/data/<package.name>/databases/<db>.db .
sqlite3 <db>.db .tables
sqlite3 <db>.db "SELECT * FROM <table>;"
```

***

## Broadcast / Intent Injection

Send intents to test exported components:

```bash theme={"dark"}
# Start activity
adb shell am start -a android.intent.action.VIEW -d "http://target.com"

# Start exported activity directly
adb shell am start -n <package>/<activity>

# Send broadcast
adb shell am broadcast -a <ACTION> --es key value

# Start service
adb shell am startservice -n <package>/<service>
```

***

## Dumpsys

```bash theme={"dark"}
adb shell dumpsys activity                     # running activities
adb shell dumpsys activity packages | grep <pkg>  # package info
adb shell dumpsys package <package.name>       # permissions, activities, services
adb shell dumpsys meminfo <package.name>       # memory usage
```

***

## Useful One-Liners

```bash theme={"dark"}
# Screenshot
adb shell screencap /sdcard/screen.png && adb pull /sdcard/screen.png

# Screen record
adb shell screenrecord /sdcard/record.mp4

# Current foreground activity
adb shell dumpsys window | grep mCurrentFocus

# List exported activities
adb shell dumpsys package <package.name> | grep -A 2 "Activity"

# Check if device is rooted
adb shell which su

# Get Android version
adb shell getprop ro.build.version.release

# Get device architecture
adb shell getprop ro.product.cpu.abi
```
