3. MANUAL DYNAMIC ANALYSIS

PROXY SETUP

AVD || rooted devices

Additional tools

Do they work?

adb

list devices:

adb devices

port forwarding for drozer client:

adb forward tcp:31415 tcp:31415

drozer

list available drozer clients

drozer console devices

connect to drozer client and end up in drozer-shell: "dr>":

drozer console connect
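
The "Do they work?" checks above can be scripted. The following is an added example, not part of the original page: it parses the output of `adb devices` and `adb forward --list` to confirm that a device is in the `device` state and that the drozer port 31415 is forwarded for it. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Preflight for the adb/drozer steps. Function names are hypothetical.
DROZER_PORT=31415   # port from the page's `adb forward` command

# stdin: `adb devices` output -> serials in the usable "device" state
ready_devices() {
    awk -F'\t' 'NF == 2 && $2 == "device" { print $1 }'
}

# stdin: `adb devices` output -> "serial: state" for attached devices adb
# cannot use yet (offline, unauthorized, no permissions)
blocked_devices() {
    awk -F'\t' 'NF == 2 && $2 != "device" { print $1 ": " $2 }'
}

# stdin: `adb forward --list` output; succeeds if serial $1 forwards
# host tcp:$2 to device tcp:$2
has_forward() {
    awk -v s="$1" -v p="tcp:$2" \
        '$1 == s && $2 == p && $3 == p { ok = 1 } END { exit !ok }'
}

# $1 = `adb devices` output, $2 = `adb forward --list` output
# Returns 0 only if a device is ready and every ready device forwards the port.
preflight() {
    pf_ready=$(printf '%s\n' "$1" | ready_devices)
    pf_rc=0
    [ -n "$pf_ready" ] || pf_rc=1
    printf '%s\n' "$1" | blocked_devices | sed 's/^/NOT READY  /'
    for pf_serial in $pf_ready; do
        if printf '%s\n' "$2" | has_forward "$pf_serial" "$DROZER_PORT"; then
            echo "OK         $pf_serial forwards tcp:$DROZER_PORT"
        else
            echo "MISSING    $pf_serial has no tcp:$DROZER_PORT forward"
            pf_rc=1
        fi
    done
    return "$pf_rc"
}

if [ "${1:-}" = "--live" ]; then
    preflight "$(adb devices)" "$(adb forward --list)"
else
    # Constructed sample output, not captured from a real device
    SAMPLE_DEVICES=$(printf 'List of devices attached\nemulator-5554\tdevice\nR58M0000000\tunauthorized')
    SAMPLE_FORWARDS='emulator-5554 tcp:31415 tcp:31415'
    preflight "$SAMPLE_DEVICES" "$SAMPLE_FORWARDS"
fi
```

Run it with `--live` to check the attached devices; without arguments it runs on the constructed sample.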

PROXY-AWARE APPS - SETUP

Xamarin

add the following code in the OnCreate or Main method

WebRequest.DefaultWebProxy = new WebProxy("<Proxy-IP>", <Proxy-Port>);

Traffic routing (remotely sniff via netcat)

tcpdump -i <interface: wlan0> -s0 -w - | nc -l -p 11111
adb forward tcp:11111 tcp:11111
nc localhost 11111 | wireshark -k -S -i -

Downside - if HTTPS, you are not able to see any request bodies

Man-in-the-Middle w/ bettercap

(command may differ depending on the bettercap version)

sudo bettercap -eval "set arp.spoof.targets <TARGET-IP>; arp.spoof on; set arp.spoof.internal true; set arp.spoof.fullduplex true;"

Redirect with iptables

iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <PROXY-IP>:8080

verify iptables settings

iptables -t nat -L

reset iptables config (flushes the nat table rules):

iptables -t nat -F

WHY?

  • In case of XAMARIN (ignores system proxy - not always! give it a try before you cry)

  • Other protocols are used (XMPP or other non-HTTP)

  • To intercept push notifications

  • The app itself verifies the connection and refuses it
