Intercepting Mobile Application Traffic

To intercept mobile application traffic you need to perform MITM attacks. This can be easily done using proxies like Burp Suite, Fiddler, Charles, Paros, etc. I prefer to use burp suite as it is most flexible to use for penetration testing.
The below given steps will help you to setup required interception environment:  

  1. Install the target application.apk on the mobile device, let’s consider Android device in this case.
  2. Now goto MenuàSettingàWi-Fi
  3. Connect to your common Wifi being used by your Mobile device and Laptop.
  4. Find the IP address of your laptop using “ifconfig/ipconfig” command.
  5. Now in your mobile Wi-Fi, touch-n-hold the connected Wi-Fi and select “Modify Network
  6. Check the option “Show advanced options” and under proxy settings select “Manual”. Now enter
·         Proxyhostname: <your laptop IP>                           
·         Proxy Port: <8080>

               7. Now on your laptop Start Burp Suite. Go in Proxy TabàOptionsàEdit


      8. Now select the interface and Port: 8080.
Now you are all set to perform MITM attacks.

NOTE: this process will allow you to intercept data of application using HTTP channel only. To intercept HTTPSdata you need to install BurpCA certificate.
  

Comments

Post a Comment

Popular posts from this blog

Source Code Review

Image
Introduction Source Code review is a process which discovers hidden vulnerabilities, design flaws, and verifies if key security controls are implemented. Code review helps developers learn the code base, as well as help them learn new technologies and techniques that grow their skill sets. In source code review we are using a combination of scanning tools and manual review to detect insecure coding practices, backdoor, injection flaws, cross site scripting errors, insecure handling of resources, weak cryptography etc. Many claims that this process is time consuming and too costly, but there is no doubt that this process is the fastest and most accurate way to find and diagnose many problems, mostly your code is the base from hackers are taking advantage. There are dozens of security problems that simply can’t be found any other way. A source code review is also the best way to detect intentional or accidental backdoors and logic bombs in applications that you acquire from thi...
Read more

Cyber Security and DFIR Interview Questions

Cyber Security is an exotic field, and every next person wants to explore this domain and make a career in it, but the problem is they have no idea how to get in and even if they do, They don't have any idea on what type of questions they might face in an interview. Recently  @Miss_Malware  asked for everyone's favorites security analyst and DFIR interview question that gave me an idea to compile a list of questions which are asked in every interview one way or another. What follows is a list of questions which you may face in an interview. Note: All These questions have compiled with the help of @Miss_Malware's twitter thread, contribution from friends and very intelligent internet searches :P, All the relevant sources (Read those I remember) have been mentioned at end of the post. GENERAL What is DNS? Differentiate between TCP and UDP? How does HTTP handle state? Does TLS use symmetric or asymmetric encryption? What is "Risk"? What is "Risk...
Read more