3. MANUAL DYNAMIC ANALYSIS

PROXY SETUP

Install Burp-Suite (recommended)

AVD || rooted devices

Cert installation:
- BEFORE Android 7 (Nougat)
- Android 7 or higher
Proxy setup:
- Virtual device
- Physical phone

Additional tools

Install drozer on host & phone
Android SDK
- adb might be located @ Android/Sdk/platform-tools/ (Linux)

Do they work?

adb

list devices:

adb devices

port forwarding for drozer client:

adb forward tcp:31415 tcp:31415

drozer

list available drozer clients

drozer console devices

connect to drozer client and end up in drozer-shell: "dr>":

drozer console connect

PROXY-AWARE APPS - SETUP

Xamarin

add the following code in the OnCreate or Main method

WebRequest.DefaultWebProxy = new WebProxy("<Proxy-IP>", <Proxy-Port>);

Traffic routing (remotely sniff via netcat)

tcpdump -i <interface: wlan0> -s0 -w - | nc -l -p 11111

adb forward tcp:11111 tcp:11111

nc localhost 11111 | wireshark -k -S -i -

Downside - if HTTPS, you are not able to see any request bodies

Man-in-the-Middle w/ bettercap

(command may defer due to bettercap version)

sudo bettercap -eval "set arp.spoof.targets <TARGER-IP>; arps.spoof on; set arp.spoof.internal true; set arp.spoof.fullduplex true;"

Redirect with iptables

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <PROXY-IP>:8080

verify iptables settings

iptables -t nat -L

iptables config:

iptables -t nat -F

WHY?

In case of XAMARIN (ignores system proxy - not always! give it a try before you cry)
Other protocols are used (XMPP or other non-HTTP)
To intercept push notifications
The app itself verifies the connection and refuse

Previous2. AUTOMATED STATIC ANALYSIS Next3.1 Install application & use it

Last updated 6 years ago

hashtagPROXY SETUP

hashtagAVD || rooted devices

hashtagAdditional tools

hashtagDo they work?

hashtagadb

hashtagdrozer

hashtagPROXY-AWARE APPS - SETUP

hashtagXamarin

hashtagTraffic routing (remotely sniff via netcat)

hashtagMan-in-the-Middle w/ bettercap

hashtagRedirect with iptables

hashtagWHY?