[Pauldotcom] Security Assessment: Mobile Application on Windows Mobile 6
Joshua Wright
jwright at hasborg.com
Thu Jan 12 20:13:24 UTC 2012
On 1/12/2012 2:55 PM, Dimitrios Kapsalis wrote:
> I'm experimenting with different mobile devices and applications on each.
> For the WM6 I have an application whose traffic I'd like to capture
> using an HTTP Proxy. How can a proxy be configured for the connection? I
> saw one proxy setting in the connections menu but it does not seem to be
> working.
>
> Has anyone looked at any applications on the Windows Mobile 6 devices?
You can use Burp as a transparent proxy server. Use Ettercap or
arpspoof to establish a MitM connection between the WM6 device and your
Linux box (Backtrack 5 R1 on a virtual machine is a good start), then
use iptables to send all the HTTP traffic to Burp:
# ettercap -TqM arp:remote /172.16.0.102/ /172.16.0.1/
In this example, 172.16.0.102 is the WM6 device, and 172.16.0.1 is the
default gateway:
# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Here, all traffic to port 80 is sent to the local system running Burp on
port 8080. This way, you don't have to rely on the crappy proxy
implementation on WM6.
In Burp, make sure you disable proxy intercept (unless you want to
manually forward traffic). Then you'll be able to inspect all the HTTP
activity, and match and replace content on the fly to perform
client-side injection against the WM6 device.
This is something I've been writing up for the new SANS course I'm
working on, SEC575: Mobile Phone and Tablet Security and Ethical
Hacking. The course is going to debut in May in San Diego, and I'm
finishing up the section on exploiting HTTP and HTTPS rendering
functionality on client systems today. More information about the
course is available at http://bit.ly/wCT86U (sans.org).
-Josh
More information about the Pauldotcom
mailing list