Is there any virtualbox or vmware appliances or anything like metasploitable that one can use to practice mobile pentest without the real hardware? I can find those for traditional ethernet but what about mobile, especially phone network like 3g/lte and also others like wifi, bluetooth etc.
Thanks.
(*) A short list of available apps include iGoat, "Damn Vulnerable" apps of other kinds, the Exploit-Me labs from Security Compass, and most importantly the amazing work behind OWASP GoatDroid and the Sieve APK app intended to be a testing ground for the Drozer mobile attack framework. Ideally, a person interested in the security footprint of the mobile space would utilize a variety of open source apps (available by searching the Internet) or by building their own apps that expose the full functionality of the vendor SDKs.
(**) The particular components in SamuraiSTFU that cover RF technology generally focus on technologies that are not specifically 3G or LTE. Thus, I might recommend instead that you check out a variety of other resources including a book that came out last week called "Getting Started with OpenBTS" (O'Reilly Press) which mentions the Ettus Research and other GSM network hardware/software that can run production, but amateur, carrier-like networks.
Other important titles include: "Hacking and Securing iOS Applications", "Bulletproof Android: Practical Advice for Building Secure Apps", "Android Security Internals", "Mac OS X and iOS Internals: To the Apple's Core", "Android Security Cookbook" -- as well as a few titles that you may or may not be able to get early access to: "The Mobile Application Hacker's Handbook" and "iOS Application Security: The Definitive Guide for Hackers and Developers", but that will be out soon available from bookstores such as Amazon or services such as SafariBooksOnline or Books24x7. There are a few books that I left out of this list because there are quite a lot and perhaps too numerous to list right here right now.
Just as an aside, I do a lot of mobile and payment (e.g., digital wallet) testing for my full-time job, about 8 years in these specific industries. So I've been penetration testing mobile devices and platforms since the original iPhone was released. I have had a keen interest in NFC technology, especially Secure Element and TEE sub technologies involved in the mobile payment space directly (the Android Internals book mentioned above touches on these a little bit).
For a more complete set of resources covering 3G and earlier technologies in terms of security issues one would expect to hear about as exploitable from a penetration testing perspective, be sure to check out all of these:
http://events.ccc.de/congress/2014/Fahrplan/events/6531.html
http://events.ccc.de/congress/2014/Fahrplan/events/6122.html
http://events.ccc.de/congress/2011/Fahrplan/events/4663.en.html
http://events.ccc.de/congress/2010/Fahrplan/events/4090.en.html
http://events.ccc.de/congress/2010/Fahrplan/events/4151.en.html
http://events.ccc.de/congress/2009/Fahrplan/events/3555.en.html
http://events.ccc.de/congress/2009/Fahrplan/events/3654.en.html
http://events.ccc.de/congress/2008/Fahrplan/events/2997.en.html
http://events.ccc.de/congress/2002/fahrplan/event/495.en.html
Since all of the common virtualization products only emulate ethernet adapters and not 3G or LTE the answer is, that there can not be such virtual appliance. Also, there is no difference between 3G, LTE, DSL, and local ethernet apart from MTU, bandwidth and latency as long as you stay on the IP level.
