Genymotion is one of the fastest and most flexible Android environments for pentesting. It boots quicker than the Android Studio Emulator, offers smoother performance, exposes ADB cleanly, supports root out of the box, and integrates easily with Burp Suite, Frida, and custom network setups. This chapter provides a full-length, in-depth, hands-on configuration, covering installation, networking, rooting, certificate installation, system modification, data extraction, API redirection, instrumentation, and everything needed to turn Genymotion into a complete Android pentesting lab.

Installing Genymotion and VirtualBox

Genymotion Desktop depends on VirtualBox to run virtual devices. Begin by installing both.

Install VirtualBox
Install Genymotion Desktop
Launch Genymotion
Sign into your Genymotion account
Click Add to create a new virtual device
Choose a device profile such as Pixel 3, Pixel 4, Pixel 5
Select an Android version (Android 8–11 recommended for maximum compatibility)
Create and start the virtual device

On first boot, you will see a clean Android environment that behaves like a real phone but is far easier to manipulate.

Connecting to Genymotion Through ADB

Genymotion exposes ADB automatically. Check for the device:

adb devices

If nothing appears, manually connect:

adb connect 192.168.56.101:5555

Depending on your host-only adapter, the IP may vary. Verify connection:

adb shell

ADB access enables installation, data extraction, Frida deployment, and traffic manipulation.

Root Access in Genymotion

Genymotion devices ship with root access enabled by default. Confirm:

adb shell
su

If you see a root prompt, you are ready for system-level pentesting. Root access allows:

Changing system files
Installing system CA certificates
Inspecting app private directories
Editing /etc/hosts
Running Frida without restrictions

If root is not available in your build, recreate the device using a Google APIs image or older Android version.

Installing APKs for Pentesting

Install a target APK:

adb install app.apk

Reinstall:

adb install -r app.apk

Install after modifying an APK:

adb install -r -d app.apk

This is useful when repackaging or altering code using apktool.

Configuring Burp Suite Proxy

To intercept traffic:

Open Settings inside Genymotion
Go to Network & Internet
Select the active Wi-Fi
Long press → Modify Network
Set Proxy → Manual
Host: your computer’s IP
Port: 8080

Test connectivity:

adb shell ping <your_host_ip>

If it responds, traffic can now flow through Burp.

Installing Burp CA Certificate into System Store

Most apps do not trust user-installed CA certificates. For full network interception, install Burp CA into the system certificate store.

Export Burp certificate (DER format):

cacert.der

Push certificate:

adb push cacert.der /sdcard/

Remount system as writable:

adb root
adb remount

Move certificate to system CA folder:

adb shell
su
mv /sdcard/cacert.der /system/etc/security/cacerts/9a5ba575.0
chmod 644 /system/etc/security/cacerts/9a5ba575.0

Reboot the device:

adb reboot

Genymotion will now trust your proxy for TLS interception.

Installing and Running Frida Server

Frida is required for bypassing SSL pinning, root detection, tamper checks, and runtime protections.

Push Frida server to the device:

adb push frida-server /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server"

Start Frida server:

adb shell "/data/local/tmp/frida-server &"

Verify:

frida-ps -U

Inject SSL bypass script:

frida -U -f com.app -l ssl_bypass.js --no-pause

This restores MITM capability for apps with strict certificate pinning.

Extracting App Data from /data/data

With root access, inspect private app storage.

List installed packages:

adb shell pm list packages

View app directory:

adb shell ls /data/data/<package>/

Extract SharedPreferences:

adb pull /data/data/<package>/shared_prefs/ .

Extract SQLite databases:

adb pull /data/data/<package>/databases/ .

Check for:

Tokens
Passwords
API keys
Session IDs
Logs
Internal data
Cached PII

This is a critical part of static and dynamic analysis.

Inspecting Logs in Real Time

Genymotion logs are extremely verbose. Monitor application behavior:

adb logcat

Filter by package:

adb logcat | grep <package>

Look for:

Hardcoded URLs
Debug messages
Stack traces
Sensitive data leaks

Log analysis directly exposes vulnerabilities and network endpoints.

Editing /etc/hosts for API Redirection

Redirect app traffic to your own server:

adb root
adb remount
adb shell
su
echo "10.0.3.2 api.example.com" >> /etc/hosts

In Genymotion:

Host machine IP = 10.0.3.2

Use this for:

Redirecting production calls
Endpoint fuzzing
Mocking responses
Injecting malicious payloads

Intercepting Requests Without Proxy (Manual Routing)

Some apps bypass proxy settings. Force routing using iptables:

adb shell
su
iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --to-destination 10.0.3.2:8080

This ensures Burp catches traffic even if the app tries to evade standard proxying.

Installing Google Play Services (If Required)

Some apps require Firebase, FCM, Maps, or Google Login. Install GApps using Genymotion’s built-in module:

Start the device
Click Open GApps button
Accept installation
Reboot

You now have a Play Store-enabled pentesting environment.

Taking Snapshots

Snapshots let you revert to a clean state instantly.

Steps:

Open Genymotion
Select your device
Click Snapshots
Create a snapshot after full setup

Use snapshots to quickly revert after:

Malware analysis
Repackaging tests
Destructive operations

Deep Network Inspection with Host-Only Mode

Genymotion uses a host-only network which helps in pentesting:

Device and host see each other directly
Avoids router-level restrictions
Ideal for MITM and packet capture

Capture packets with tcpdump on host-only interface.

Dynamic Instrumentation with Frida Hooks

Sample hook for tracing API calls:

Java.perform(function() {
    var httpUrlConn = Java.use("javax.net.ssl.HttpsURLConnection");
    httpUrlConn.getInputStream.implementation = function() {
        console.log("HTTPS Request Triggered");
        return this.getInputStream();
    };
});

Run:

frida -U -f com.app -l trace.js --no-pause

This reveals network behavior in real time.

Testing Sensors, GPS, and Movement

Genymotion allows simulation of:

GPS location
Battery levels
Network type
Movement
Orientation

Set custom GPS:

adb emu geo fix <longitude> <latitude>

Example:

adb emu geo fix 72.8777 19.0760

Used to test location-based vulnerabilities.

Full Practical Genymotion Pentesting Workflow

Install Genymotion + VirtualBox
Create Pixel device with Android 8–11
Ensure ADB connectivity
Enable root access
Configure Burp Suite proxy
Install Burp CA at system level
Install target APK
Intercept traffic
Start Frida server
Bypass SSL pinning
Inspect app private storage
Modify hosts file for redirection
Use logcat for debugging
Simulate GPS, sensors, and network changes
Snapshot device state for quick rollback
Perform dynamic instrumentation and exploitation

This configuration produces a complete, professional-grade Android pentesting environment.

Intel Dump

Genymotion offers fast virtual devices ideal for pentesting
Provides built-in root, ADB access, and VirtualBox networking
Supports Burp proxy routing and system-level CA installation
Frida enables bypassing SSL pinning and protections
Root access allows extracting /data/data for analysis
Hosts file modification enables redirecting APIs
Logcat monitoring reveals sensitive data and endpoints
GPS, sensors, and environment simulation help test advanced app logic
Snapshots allow instant rollback to a clean test state