Mobile Device Hacking
This tech segment was seen on Security Weekly - Episode 307 for Thursday November 1st, 2012
Mobile Device Hacking with Charlie Eriksen
In recent episodes, the subject of mobile security has come up. Mobile security is fairly new, and it is rife with security and privacy concerns if you go looking for them, a result of how new the platform is and how much of a gold rush it has been to develop this sort of software. This leaves you with a platform that is easily snooped on and attacked. As it happens, most mobile traffic is plain HTTP(S), which makes the barrier to entry for sniffing traffic very low. One tool for doing so, which provides a lot of great features, is Burp Suite. We'll take a look at how you can set up your iOS device to work with Burp and have a bit of fun.
The first thing you'll need to do is install Burp. Next, you'll need to extract the root certificate Burp uses to sign certificates for SSL traffic. This can be done with the following steps:
- Point your browser of choice to use Burp as a proxy
- Go to a HTTPS page
- View the certificate that you're presented with, which is obviously not trusted
- Go to the certificate path/hierarchy, and export the PortSwigger CA certificate to a file named something like "burp.cer"
Now that we have a saved copy of the Burp root certificate, the next step is loading it onto our iOS device (a link to instructions for Android can be found at the end). To do this, you can either send it as an attachment to the mail account on the device, if you have that set up, or you can serve it over HTTP. In this example, we'll use Python to serve up the file.
- Open a command prompt in the folder which you saved the file
- Execute this command: python -m SimpleHTTPServer 8088
- Now grab your iOS device, browse to the IP of the machine on port 8088, and you will be given a directory listing of the folder.
- Click on the certificate file (burp.cer)
- You'll be taken to the System preferences application, where you're prompted to install the certificate
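The `python -m SimpleHTTPServer 8088` one-liner above is Python 2 only. As an added example (my code, not from the episode), here is a Python 3 equivalent that serves just the exported certificate with a certificate MIME type, so iOS offers the install prompt, and sanity-checks the file before offering it. The file name burp.cer, port 8088 and the application/x-x509-ca-cert type are assumptions.

```python
"""Serve an exported Burp CA certificate to an iOS device over plain HTTP.
Added example, not code from the original post. Assumes the certificate
you exported from the browser is saved as burp.cer in the current directory."""
import os
import sys
from http.server import HTTPServer, SimpleHTTPRequestHandler

CERT_NAME = "burp.cer"      # file name suggested on the page (assumption)
LISTEN = ("0.0.0.0", 8088)  # all interfaces, so the device can reach us

# Map .cer explicitly instead of trusting the host's mimetypes table: iOS
# only shows the "Install Profile" prompt for a certificate content type.
CERT_MIME = "application/x-x509-ca-cert"
EXT_MAP = {**SimpleHTTPRequestHandler.extensions_map, ".cer": CERT_MIME}


def looks_like_certificate(data: bytes) -> bool:
    """Cheap check that the export is really a certificate: PEM starts with
    the CERTIFICATE header, DER starts with an ASN.1 SEQUENCE tag (0x30)
    followed by a long-form length byte (0x81..0x83 for real-world certs)."""
    if data.startswith(b"-----BEGIN CERTIFICATE-----"):
        return True
    return len(data) > 2 and data[0] == 0x30 and data[1] in (0x81, 0x82, 0x83)


def content_type_for(filename: str) -> str:
    """Content type the server will send for a given file name."""
    ext = os.path.splitext(filename)[1].lower()
    return EXT_MAP.get(ext, "application/octet-stream")


class CertHandler(SimpleHTTPRequestHandler):
    extensions_map = EXT_MAP

    def do_GET(self):
        # Unlike the page's one-liner, do not expose a listing of the whole
        # folder; only the certificate itself is handed out.
        requested = self.path.split("?", 1)[0].lstrip("/")
        if requested != CERT_NAME:
            self.send_error(404, "only %s is served here" % CERT_NAME)
            return
        super().do_GET()


if __name__ == "__main__":
    with open(CERT_NAME, "rb") as fh:
        if not looks_like_certificate(fh.read()):
            sys.exit("%s does not look like a PEM or DER certificate" % CERT_NAME)
    print("serving %s on http://%s:%d/%s" % ((CERT_NAME,) + LISTEN + (CERT_NAME,)))
    HTTPServer(LISTEN, CertHandler).serve_forever()
```

On the device, browse straight to http://<your-ip>:8088/burp.cer rather than the folder root.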
At this point, you need to direct the iOS device to use Burp on your local machine as a proxy. You do this by:
- Go to the wireless settings for the device
- Click on the arrow on the right of the entry for the wireless network you are on
- Scroll to the bottom, and select Manual for proxy settings
- Input the IP of your Burp machine on the local network, and port 8080 (the default)
- Open up Burp, go to Proxy > Options
- Observe that the listener only listens to the loopback interface by default.
- Select the listener, click edit
- Select "All Interfaces", hit OK
At this stage, you should be able to open any application or browser on your iPad, and Burp Suite will be able to intercept most, if not all, HTTP(S) traffic! Only your imagination will now limit the fun and interesting things you can discover with this! You can find some of the findings I made here: http://ceriksen.com/tag/ios/. Instructions for importing the Burp certificate into Android can be found here: http://support.google.com/android/bin/answer.py?hl=en&answer=1649774