# 3. MANUAL DYNAMIC ANALYSIS

## PROXY SETUP

* Install [Burp-Suite](https://portswigger.net/burp/communitydownload) (**recommended**)

### AVD || rooted devices

* Cert installation:
  * [BEFORE Android 7 (Nougat)](https://support.portswigger.net/customer/portal/articles/1841102-installing-burp-s-ca-certificate-in-an-android-device)
  * [Android 7 or higher](https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/)
* Proxy setup:
  * [Virtual device](https://developer.android.com/studio/run/emulator-networking#proxy)
  * [Physical phone](https://www.howtogeek.com/295048/how-to-configure-a-proxy-server-on-android/)

### Additional tools

* [Install drozer on host & phone](https://labs.mwrinfosecurity.com/tools/drozer/)
* [Android SDK](http://www.androiddocs.com/sdk/installing/index.html)
  * adb might be located at *Android/Sdk/platform-tools/* (*Linux*)

### Do they work?

#### **adb**

*list devices:*

```
adb devices
```

*port forwarding for drozer client:*

```
adb forward tcp:31415 tcp:31415
```

#### **drozer**

*list available drozer clients:*

```
drozer console devices
```

*connect to the drozer client and land in the drozer shell (prompt "**dr>**"):*

```
drozer console connect
```

## PROXY-AWARE APPS - SETUP

### Xamarin

Add the following code to the `OnCreate` or `Main` method so that WebRequest-based traffic is sent through your proxy:

```
// requires: using System.Net;
WebRequest.DefaultWebProxy = new WebProxy("<Proxy-IP>", <Proxy-Port>);
```

### Traffic routing (remotely sniff via netcat)

*on the rooted device (tcpdump binary and root shell required):*

```
tcpdump -i <interface: wlan0> -s0 -w - | nc -l -p 11111
```

*on the host, forward the capture port:*

```
adb forward tcp:11111 tcp:11111
```

*on the host, pipe the stream into wireshark:*

```
nc localhost 11111 | wireshark -k -S -i -
```

{% hint style="info" %}
Downside: if the traffic is **HTTPS**, you cannot see any request bodies (they are encrypted on the wire).
{% endhint %}
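The three capture steps above wrapped into one script, as an added example (not code from the original page). It assumes `adb` is on the host PATH, that a tcpdump binary sits on the device at `$DEVICE_TCPDUMP` (an assumed path, adjust for your device) and that `su` gives a root shell. The `adb_ready_serial` check is there because a device listed as `unauthorized` or `offline` makes every later `adb` command fail with confusing errors, so it is worth rejecting up front.

```shell
#!/bin/sh
# Added example, not from the original page.
# Wraps: device-side tcpdump -> netcat, host-side adb forward, host-side nc -> wireshark.

DEVICE_TCPDUMP="${DEVICE_TCPDUMP:-/data/local/tmp/tcpdump}"  # assumed location on the device
PORT="${PORT:-11111}"
IFACE="${IFACE:-wlan0}"

# Parse the text printed by `adb devices` ($1) and print the serial of the first
# device in the "device" state. "unauthorized"/"offline" entries are skipped.
adb_ready_serial() {
    printf '%s\n' "$1" | awk 'NR > 1 && $2 == "device" { print $1; exit }'
}

# Device-side command: tcpdump writes raw pcap to stdout, netcat serves it on $PORT.
device_capture_cmd() {
    printf '%s -i %s -s0 -w - | nc -l -p %s' "$DEVICE_TCPDUMP" "$IFACE" "$PORT"
}

main() {
    serial=$(adb_ready_serial "$(adb devices)")
    [ -n "$serial" ] || { echo "no authorized device in 'device' state" >&2; exit 1; }
    # 1. start the capture on the device (root is needed to sniff wlan0)
    adb -s "$serial" shell "su -c '$(device_capture_cmd)'" &
    # 2. forward the host port to the device port
    adb -s "$serial" forward "tcp:$PORT" "tcp:$PORT"
    sleep 2
    # 3. pull the pcap stream into wireshark
    nc localhost "$PORT" | wireshark -k -S -i -
}

# Only run the pipeline when explicitly asked: CAPTURE_RUN=1 ./capture.sh
if [ "${CAPTURE_RUN:-0}" = "1" ]; then
    main
fi
```

Run it with `CAPTURE_RUN=1 IFACE=wlan0 ./capture.sh`; without `CAPTURE_RUN` the script only defines the functions, which makes the parsing and command construction easy to check on a machine without a device attached.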

### Man-in-the-Middle w/ bettercap

*(the exact command may differ depending on the bettercap version)*

```
sudo bettercap -eval "set arp.spoof.targets <TARGET-IP>; set arp.spoof.internal true; set arp.spoof.fullduplex true; arp.spoof on"
```

### Redirect with iptables

*on the rooted device: rewrite the device's own outgoing HTTP (port 80) to the proxy:*

```
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <PROXY-IP>:8080
```

*verify iptables settings:*

```
iptables -t nat -L
```

*flush (clear) all nat-table rules:*

```
iptables -t nat -F
```
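The redirect above covers only port 80; most app traffic is HTTPS, so a practitioner usually wants 443 (and often 8443) redirected too, plus a way to verify and undo the rules. The script below is an added example, not from the original page: it builds the NAT rules for any list of ports, counts the DNAT rules that point at the proxy in `iptables -t nat -L OUTPUT -n` output, and applies them only when `IPTABLES_APPLY=1`. `<PROXY-IP>:8080` is the page's placeholder; replace it with your proxy. Because DNAT'ed clients do not send proxy-style requests, the proxy listener must run in transparent mode (in Burp: "Support invisible proxying" on the listener).

```shell
#!/bin/sh
# Added example, not from the original page. Run on the rooted device (adb shell, su).

PROXY="${PROXY:-<PROXY-IP>:8080}"   # placeholder from the page; set PROXY=host:port

# Print the rule that sends locally generated TCP traffic on port $1 to $PROXY.
redirect_rule() {
    printf 'iptables -t nat -A OUTPUT -p tcp --dport %s -j DNAT --to-destination %s\n' "$1" "$PROXY"
}

# Print one rule per port given, e.g. redirect_rules 80 443 8443
redirect_rules() {
    for p in "$@"; do redirect_rule "$p"; done
}

# Count how many DNAT rules in `iptables -t nat -L OUTPUT -n` output ($1) point at $PROXY.
# Prints 0 instead of failing when nothing matches.
count_proxy_rules() {
    printf '%s\n' "$1" | grep -c "to:$PROXY" || true
}

if [ "${IPTABLES_APPLY:-0}" = "1" ]; then
    iptables -t nat -F OUTPUT            # start clean: flush only the nat OUTPUT chain
    redirect_rules 80 443 | sh           # apply HTTP and HTTPS redirects
    iptables -t nat -L OUTPUT -n -v      # verify: packet counters should rise as the app talks
fi
```

Flushing just the `OUTPUT` chain of the nat table (rather than `iptables -t nat -F`) leaves any other NAT rules the device relies on untouched.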

### WHY?

{% hint style="info" %}

* In case of **XAMARIN** (ignores the system proxy - not always! give it a try before you cry)
* **Other protocols** are used (XMPP or other non-HTTP)
* To intercept push notifications
* The app itself verifies the connection and refuses it

{% endhint %}
