Intercepting HTTP and HTTPS / SSL Mobile traffic using Burp Suite.


Burp Suite:

Burp Suite is an interception and web proxy tool for performing security testing of web applications, used to find and exploit security vulnerabilities. Burp gives you full control, letting you combine advanced security testing techniques with automation to make your work easier, faster and more effective.

Download and install Burp Suite from here: https://portswigger.net/burp/download.html

Configuring an Android Device to Work With Burp:

To test web applications using an Android device you need to configure your Burp Proxy listener to accept connections on all network interfaces, and then connect both your device and your computer to the same wireless network. If you do not have an existing wireless network that is suitable, you can set up an ad-hoc wireless network.

Set up an ad-hoc wireless network in Android:

  • Navigate to your WiFi settings, located in Settings.
  • Long press the WiFi network that you’re connected to.
  • Click on Manage Network Settings.
  • Click on Show Advanced Options.
  • Under Proxy, select Manual.

The Proxy Port should say 8080, which is the default listening port for Burp. Heads up: just because the field shows 8080, it doesn’t mean the port is actually set to 8080 (very annoying). You actually have to type 8080 into the field. If you’ve configured Burp to listen on another port, enter that port instead.


Installing the Certificate:

Now that the settings on your device have been configured, you’re ready to install the certificate.

  1. First check that the settings have been configured correctly by navigating to http://burp on the proxied device. It should take you to the page where you can download the certificate.
  2. Click on CA Certificate. In most cases, it should automatically download the certificate.
  3. The downloaded certificate is named cacert.der by default. We have to rename it to cacert.cer.
  4. Once you’ve installed the Burp Suite certificate on your mobile device, Burp Suite is trusted, and encrypted communication can be decrypted when it is proxied.
  5. Now navigate to an HTTPS site, such as http://bugcrowd.com. If Intercept is off, you should be able to see the traffic in HTTP History, including the content of the requests that would otherwise be encrypted by SSL/TLS.

Configure the Burp Proxy listener:

In Burp, go to the “Proxy” tab and then the “Options” tab. In the “Proxy Listeners” section, click the “Add” button.

In the “Binding” tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8080”. Then select the “All interfaces” option, and click “OK”.

The request should be intercepted in Burp.


Configuring an iOS Device to Work With Burp:

To test web applications using an iOS device you need to configure your Burp Proxy listener to accept connections on all network interfaces, and then connect both your device and your computer to the same wireless network. If you do not have an existing wireless network that is suitable, you can set up an ad-hoc wireless network.

Set up an ad-hoc wireless network in iOS:

Set your iPhone to use the Burp proxy. You can do this by going into your wireless network settings and selecting “Manual” under “HTTP PROXY”. Then, just fill in the details.

Installing the Certificate:

  1. First check that the settings have been configured correctly by navigating to http://burp on the proxied device. It should take you to the page where you can download the certificate.
  2. Click on CA Certificate. In most cases, it should automatically download the certificate.
  3. Install the certificate. Click “Install”, enter your PIN, and you’re all set.


Configure the Burp Proxy listener:

In Burp, go to the “Proxy” tab and then the “Options” tab. In the “Proxy Listeners” section, click the “Add” button.

In the “Binding” tab, in the “Bind to port:” box, enter a port number that is not currently in use, e.g. “8080”. Then select the “All interfaces” option, and click “OK”.

The request should be intercepted in Burp.


Now you should be able to open any app or website on your iDevice and see the plaintext traffic in Burp or Charles. This will help you understand the data the application sends and receives, as well as the endpoints on the server side. Better still, you can now repeat network requests, change parameters and observe how the server reacts, or edit data as it comes back from the server and observe the app’s behaviour with the modified response.


Mobile Hacking Part 3: Intro to USB Rubber Ducky for Keystroke Injection

Welcome back hackers! Today we’re going to be continuing our mobile hacking series with the introduction of some special equipment. We’re going to be setting up and making a payload for the USB rubber ducky.

The USB rubber ducky is a small USB device that will act as a keyboard when plugged into a PC. This allows us to inject whatever keystrokes we want into the victim PC in a matter of seconds. As a starter, since it’s our first time using the USB rubber ducky here, we’ll be making a payload that will write a fork bomb in Python and execute it. So, let’s get started!

Step 1: Unpacking and Setting up

Once you have your rubber ducky unboxed and ready to go, it should look something like this:

That micro SD card comes pre-formatted in FAT16 with a single file named inject.bin. It’s important that you take the micro SD card out of the rubber ducky and mount it using a micro SD to USB adapter, so we can write our own payload to it instead of using the default one. We can make sure it’s detected by the system using fdisk:

Alright, our micro SD card is good to go, now it’s time to make our payload.

Step 2: Writing and Encoding the Payload

The USB rubber ducky has a simple syntax format for writing payloads. This syntax includes the ability to type strings, delay for a given time, and use special keys (like CTRL, ALT, or the Windows key). Let’s take a look at our payload (note that REM is for making comments):

This payload will open xterm (a terminal program) and write a Python script that calls os.fork() forever, eventually crashing the system (this is a fork bomb). After the payload is written, it will be executed. Now that we have our payload, we need to encode it into the binary format that the rubber ducky understands. For this we’ll need to use the encoder provided by Hak5. We’ll start by downloading the encoder using git clone, then we’ll move into the encoder’s directory:

Now that we have the encoder downloaded, we can use it to create the binary we need. After browsing the help page, we can compile our payload:

We now have the binary payload we need. We just need to delete the one that comes on the micro SD card by default and copy ours to it. Once that’s complete, our rubber ducky should be ready:

Our USB rubber ducky should be ready now. I was unable to capture a screenshot of it in action though, as it crashed my PC. But, test it out for yourself! We’ll be seeing much more of both the USB rubber ducky and the Bash Bunny in later articles, but this was just an introduction to the concepts. Next time we’ll do something a bit more useful, such as downloading and executing a payload.
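As an added example (not part of the original article), a defender-side check for the behaviour described above: a keystroke-injection device presents itself to the kernel as a freshly attached USB HID keyboard, so matching keyboard bind events in the kernel log against an allowlist of known vendor:product IDs gives a cheap detection. The log lines, the device IDs and the allowlist entry are constructed placeholders, not real captures.

```python
import re

# Matches the line hid-generic logs when it binds a USB HID keyboard, e.g.
#   ... kernel: hid-generic 0003:1234:5678.0007: input,hidraw2: USB HID v1.11 Keyboard [...] on usb-...
KEYBOARD_BIND_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: hid-generic "
    r"0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\w+: .*USB HID v[\d.]+ Keyboard\b"
)

# Constructed sample kernel log (placeholder IDs): a keyboard, then a mouse, are hot-plugged.
SAMPLE_LOG = """\
Mar 10 12:00:01 lab kernel: usb 1-2: new full-speed USB device number 7 using xhci_hcd
Mar 10 12:00:01 lab kernel: usb 1-2: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
Mar 10 12:00:01 lab kernel: input: HID 1234:5678 as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:1234:5678.0007/input/input21
Mar 10 12:00:01 lab kernel: hid-generic 0003:1234:5678.0007: input,hidraw2: USB HID v1.11 Keyboard [HID 1234:5678] on usb-0000:00:14.0-2/input0
Mar 10 12:00:09 lab kernel: usb 1-3: new high-speed USB device number 8 using xhci_hcd
Mar 10 12:00:09 lab kernel: hid-generic 0003:abcd:0001.0008: input,hidraw3: USB HID v1.10 Mouse [Vendor Mouse] on usb-0000:00:14.0-3/input0
""".splitlines()


def keyboard_attach_events(lines):
    """Return (timestamp, 'vid:pid') for every USB HID keyboard the kernel bound."""
    events = []
    for line in lines:
        m = KEYBOARD_BIND_RE.search(line)
        if m:
            events.append((m.group("ts"), (m.group("vid") + ":" + m.group("pid")).lower()))
    return events


def flag_unexpected_keyboards(lines, allowlist):
    """Alert on every keyboard whose vid:pid is not in the allowlist of known-good devices."""
    return ["%s: unexpected USB keyboard %s attached" % (ts, ident)
            for ts, ident in keyboard_attach_events(lines) if ident not in allowlist]


if __name__ == "__main__":
    # "1111:2222" stands in for the IDs of the keyboards you actually issue.
    for alert in flag_unexpected_keyboards(SAMPLE_LOG, {"1111:2222"}):
        print(alert)
```

In production the same function can be fed from journalctl -k output, and a hit within seconds of a burst of new processes is a strong signal that something typed its way in.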

FREAK Vulnerability: SSL/TLS Vulnerability to Exploit Apple and Android

FREAK Vulnerability: Android Penetration Testing Is a Must Now.

The FREAK vulnerability leaves Android and Apple users unsecured. It is a vulnerability in SSL/TLS that is not new and has left Android and Apple users open to exploitation via MITM (man-in-the-middle) attacks. FREAK leaves Apple and Android users exposed to MITM, and any supposedly secure traffic is completely exposed to the attacker.

FREAK is a widespread and disastrous SSL/TLS vulnerability that went unnoticed for over a decade, leaving millions of users of Apple and Android devices vulnerable to man-in-the-middle attacks on encrypted traffic when they visited supposedly ‘secured’ websites, including the official websites of the White House, FBI and National Security Agency.

CVE-2015-0204

Dubbed the “FREAK” vulnerability (CVE-2015-0204), also known as Factoring Attack on RSA-EXPORT Keys, it enables hackers or intelligence agencies to force clients to use older, weaker encryption, i.e. export-grade 512-bit RSA keys.

The FREAK vulnerability, discovered by security researchers of the French Institute for Research in Computer Science and Automation (Inria) and Microsoft, resides in OpenSSL versions 1.01k and earlier, and in Apple’s Secure Transport.

FREAK Vulnerability: From a Penetration Tester’s View

How the FREAK Vulnerability Works (the technical description):

  • In the client’s Hello message, it asks for a standard ‘RSA’ ciphersuite.
  • The MITM attacker changes this message to ask for ‘export RSA’.
  • The server responds with a 512-bit export RSA key, signed with its long-term key.
  • The client accepts this weak key due to the OpenSSL/Secure Transport bug.
  • The attacker factors the RSA modulus to recover the corresponding RSA decryption key.
  • When the client encrypts the ‘pre-master secret’ to the server, the attacker can now decrypt it to recover the TLS ‘master secret’.
  • From here on out, the attacker sees plain text and can inject anything it wants.
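An added example, not from the original article, that checks a captured ClientHello/ServerHello pair for the mismatch the list above describes: the server selecting an RSA_EXPORT suite, or any suite the client never offered, which a FREAK-vulnerable client accepted silently. The parsers follow the TLS 1.0 to 1.2 handshake body layout; the two builders at the end only construct sample messages for the demonstration.

```python
import struct

# Cipher-suite IDs of the RSA export suites FREAK relies on (values from the TLS registry).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


def parse_client_hello(body):
    """Cipher suites offered in a ClientHello body (bytes after the 4-byte handshake header)."""
    pos = 2 + 32                                   # client_version + random
    pos += 1 + body[pos]                           # session_id length byte + session_id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    return [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]


def parse_server_hello(body):
    """The single cipher suite the server selected in a ServerHello body."""
    pos = 2 + 32                                   # server_version + random
    pos += 1 + body[pos]                           # session_id
    return struct.unpack("!H", body[pos:pos + 2])[0]


def check_handshake(client_hello, server_hello):
    """Return findings for one ClientHello/ServerHello pair; an empty list means it looks sane."""
    offered = parse_client_hello(client_hello)
    chosen = parse_server_hello(server_hello)
    findings = []
    if chosen in RSA_EXPORT_SUITES:
        findings.append("server selected export-grade " + RSA_EXPORT_SUITES[chosen])
    if chosen not in offered:
        # A patched client rejects this; a FREAK-vulnerable one accepts the downgrade.
        findings.append("server selected suite 0x%04x the client never offered" % chosen)
    if any(s in RSA_EXPORT_SUITES for s in offered):
        findings.append("client itself offered export-grade suites")
    return findings


# Constructed sample messages: TLS 1.0 version bytes, zeroed random, empty session id.
def make_client_hello(suites):
    cs = b"".join(struct.pack("!H", s) for s in suites)
    return b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"


def make_server_hello(suite):
    return b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
```

With a client offering only 0x002F and 0x0035 (AES with RSA), an honest ServerHello picking 0x002F yields no findings, while a tampered one picking 0x0003 yields both the export-suite and the never-offered findings.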

Who is Vulnerable to FREAK?

The FREAK attack is possible when a vulnerable browser connects to a susceptible web server—a server that accepts “export-grade” encryption.

Servers

Servers that accept RSA_EXPORT cipher suites put their users at risk from the FREAK attack. Using Internet-wide scanning, we have been performing daily tests of all HTTPS servers at public IP addresses to determine whether they allow this weakened encryption. More than a third of all servers with browser-trusted certificates are at risk.

Clients

Browsers are vulnerable to the FREAK attack because of bugs that allow an attacker to force them to use weak, export-grade encryption. Far more browsers are vulnerable to the FREAK attack than was initially thought when the attack was announced. The client-side bugs can also be identified by penetration testing the client’s browser for the FREAK vulnerability.

Remediation for the FREAK Vulnerability

On the Server Side

You should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator.

On the Client Side (Browser)

Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon.

For SysAdmins and Developers

TLS libraries must be up to date. Unpatched OpenSSL, Microsoft Schannel, and Apple SecureTransport all suffer from the vulnerability. Note that these libraries are used internally by many other programs, such as wget and curl. You also need to ensure that your software does not offer export cipher suites, even as a last resort, since they can be exploited even if the TLS library is patched.

Secret Hack Codes for Apple iPhone 5, 5C, 5S, 6, 6 Plus

Hello Friends, today I am going to share several secret hack codes for Apple iPhone 5, 5C, 5S, 6 and 6 Plus. These iPhone hack codes will help you to hack iPhone mobiles and help you to explore more about your Apple iPhone.

Secret hack codes are those codes which are usually hidden from users to avoid any misuse or exploit. As we all know, the Apple iPhone is a very secure platform and thus very few hack codes for the Apple iPhone are available on the internet. Today I am sharing all the hack codes of Apple iPhone cellphones that I am aware of, and I surely hope you can’t find codes better than these. So friends, let’s hack and explore our Apple iPhones and tabs. I have tested these codes on my Apple iPhone 5S and a friend’s iPhone 6 Plus. I am sure these will work on all previous Apple iPhones too.

Secret hack codes of Apple iPhone

Secret Hacking codes for Apple iPhone Mobile Phones:
1. Entering Field Mode: Field mode contains lots of iPhone inner settings, especially the newest network and cell information.

*3001#12345#* and tap Call

2. IMEI Number: Shows your IMEI. No need to tap Call. The IMEI is the unique identifier for your mobile phone hardware.

*#06#

3. Call Forward Settings and Insights: Interrogates your call forwarding settings. You’ll see whether you have voice, data, fax, SMS, sync, async, packet access, and pad access call forwarding enabled or disabled.

*#21# and tap Call

4. Calling Line Presentation: Shows whether you have enabled or disabled the presentation of the calling line, presumably the number of the party placing the call.

*#30# and tap Call

5. Call Waiting Settings: Determines if call waiting is enabled. Shows call waiting status for voice, data, fax, SMS, sync data, async data, packet access and pad access. Each item is either enabled or disabled.

*#43# and tap Call

6. Check all Unanswered Calls: Shows the number that voice calls are forwarded to when a call is unanswered. Also shows the options for data, fax, SMS, sync, async, packet access and pad access.

*#61# and tap Call

7. Check the number for call forwarding when no service is available. Just like the previous one, except for no-service rather than no-answer situations.

*#62# and tap Call

8. Check the number for call forwarding when the iPhone is busy. The same again, but for when the iPhone is busy.

*#67# and tap Call

9. Call Control Bars: Check all the usual suspects (voice, data, fax, SMS, etc.) to see whether barring is enabled or disabled for outgoing calls.

*#33# and tap Call

10. Disable Call Forwarding: This code disables all call forwarding.

##002#

11. Code to Hide your Number:

*#31#

That’s all guys. Some of them might be operator specific, i.e. work for prepaid phones only. But all the codes deserve a try. Check these codes and let us know which ones work for you. Hope you guys enjoyed this new set of secret hack codes.