
Tuesday, December 13, 2016

ANDROID PT / Traffic Interception over HTTP and HTTPS


TRAFFIC INTERCEPTION OVER HTTP AND HTTPS

- Layout for this exercise:




- Connecting Santoku to Nexus 5:




1 - INTERCEPTION OVER HTTP

- Clicking Settings on the Nexus 5 device:




- Going to the Wi-Fi connection:












- Modifying the connection:




- Showing advanced options:




- Enabling Proxy manually:




- Entering Santoku's IP (192.168.1.12) and port 8080:




- Starting Burp Suite on Santoku:






- Configuring Options for Burp:






















- Editing the proxy listener so that it listens on all interfaces:




- Editing the listening rules:




- Enabling interception (on); the Burp proxy is now ready to read all traffic originating from the Nexus 5 device:




- To check that the Burp proxy works correctly, let's install an application like Any.DO, which sends data to a web server over HTTP:




- Starting Any.DO:




- Signing in to the application:




- The interception is successful, because Burp displays both the username and password of the "signing in" process:





2 - INTERCEPTION OVER HTTPS

- For the purpose of intercepting an HTTPS connection a certificate is needed.

- Going to http://burp, there is a tab for downloading the CA Certificate:




- Downloading the CA certificate:




- Going to Settings -> Security:




- When trying to install the certificate, there is a cacert.der file in the Downloads folder.

- However, Android needs a different file extension (.crt, and not .der) to validate a certificate:



















- Going to Santoku, and accessing the Download folder of external storage:




- To make the certificate readable by Android, just renaming the file extension is enough, from cacert.der to cacert.crt:






- Now, going back to Nexus 5, the cacert.crt file is available to be installed:




- Giving a name to the certificate:




- When trying to perform the installation, a pattern, PIN or password is required:






- Picking the PIN option:




- Choosing a PIN:






- Finally, the certificate is installed:




- Going to Trusted credentials (installed by USER), the certificate is available:




- Now, connecting to a website over an HTTPS connection:





- Burp detects the HTTPS connection:




- Checking the features of the HTTPS connection, and clicking the lock icon before the URL:






- Viewing the certificate:
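
Renaming cacert.der to cacert.crt changes only the name, not the bytes, so the certificate keeps the same encoding and the same fingerprint. The following sketch is an added example, not part of the original exercise: it identifies the encoding from the file content rather than the extension and computes the SHA-256 fingerprint that can be compared with the one a certificate viewer displays. The sample bytes are constructed filler, not Burp's real CA certificate, and all function names are hypothetical.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

def der_total_length(data: bytes) -> int:
    """Size of the outer DER SEQUENCE (header plus content), from its length field."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Identify the encoding from the bytes, ignoring the file extension."""
    if data.lstrip().startswith(PEM_HEADER):
        return "PEM"
    try:
        return "DER" if der_total_length(data) == len(data) else "unknown"
    except ValueError:
        return "unknown"

def to_der(data: bytes) -> bytes:
    """Return the raw DER bytes, unwrapping the base64 PEM armor if present."""
    kind = classify(data)
    if kind == "PEM":
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    if kind == "DER":
        return data
    raise ValueError("neither PEM nor a complete DER object")

def fingerprint(data: bytes) -> str:
    """SHA-256 of the DER bytes, colon-separated as certificate viewers print it."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed stand-in for cacert.der: a well-formed outer SEQUENCE header with
# filler content (not a real certificate), so the example runs offline.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    for name, blob in (("cacert.der", SAMPLE_DER), ("cacert.crt", SAMPLE_DER),
                       ("cacert.pem", SAMPLE_PEM)):
        print(name, classify(blob), fingerprint(blob))
```

To use it on the real file, read the downloaded certificate with `open(path, "rb").read()` and pass the bytes to `fingerprint`.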